HUMAN Security Stops VASTFLUX Digital Ad Fraud Operation

HUMAN Security has stopped VASTFLUX, a digital ad fraud operation in which cybercriminals injected malicious JavaScript code into their ads.

The operation was shut down via a private takedown led by HUMAN’s Satori Threat Intelligence and Research Team, according to the company.

Satori’s team found VASTFLUX while investigating an iOS app that was affected by a phishing attack. He discovered a “very sophisticated scheme [that exploited] the limited signal available to verification partners in the targeted environment,” HUMAN said.

A closer look at VASTFLUX

The name “VASTFLUX” comes from the combination of “quickflow,” which is a circumvention technique used by cybercriminals, and VAST, the digital video ad delivery template that cybercriminals exploited, HUMAN noted. During the operation, the cybercriminals stacked dozens of video ads on top of each other. From here, they recorded ad views that were invisible to the end user.

Ultimately, HUMAN implemented three mitigation measures to protect its customers from VASTFLUX, followed by a private takedown, the company claimed. VASTFLUX accounted for more than 12 billion fraudulent ad requests per day and affected nearly 11 million devices at its peak. It also represents the largest operation discovered by Satori to date.

HUMAN Identifies Scylla’s Ad Fraud Operation

The VASTFLUX news comes after HUMAN uncovered the Scylla operation in September 2022, which featured more than 75 Android apps and 10 iOS apps that cybercriminals used to commit ad fraud. During Scylla, cybercriminals targeted advertising software development kits (SDKs) inside Android and iOS apps that were collectively downloaded more than 13 million times, HUMAN claimed.

Meanwhile, HUMAN continues to search for VASTFLUX, Scylla, and other ad fraud operators. The company also offers cybersecurity solutions that global brands can use to protect against account abuse, bots, and fraud.

Leave a Comment