When you visit a website, there is a chance that you are greeted with an advertisement (or multiple ads). What’s actually happening is that a number of advertising companies are competing for that particular ad slot on the website. All of this happens instantaneously, so the advertisement you see is a result of a contest that happens right there and then. What if there are multiple winners for that particular contest, and all of them are getting paid for it? 

Scam attack

The Ad Scam, now known as Vastflux, was revealed by security researchers on January 19, 2023. Marion Habiby, a data scientist (and also the lead researcher on the case), states that this is the biggest and the most complex attack ever seen. The organization behind these attacks ran the scam for a considerable amount of time and made copious amounts of money while doing so. Billions of advertisements are displayed across websites and applications every single day, which is how ad networks make money – by getting people to click on them. This generates hundreds of billions of dollars in revenue per year.

The fraud involved multiple steps, as per reports. The fraudulent organization, upon winning the auction for an advertisement slot, used to maliciously stack multiple video advertisements on top of each other. They weren’t trying to hack or hijack a device or network, they were simply inserting JavaScript code into that ad to take control of that particular slot. By the time the ad disappears, the attack is terminated – leaving practically no trace. 

Habiby further states that at the peak of the attacks, 12 billion requests were made per day. 11 million devices were affected by the attack. Whereas iOS devices were the ones primarily affected, Android phones were also a victim of the attack. Unfortunately, users couldn’t possibly notice if their device was being affected. But there was an after-effect of the attack – the stacked advertisements were causing phone batteries to drain significantly faster.

In light of ongoing investigations, the name of the organization behind these attacks hasn’t been revealed. Vastflux has undoubtedly created ripples in the world of cybersecurity. 

RELATED:


(Source, Via)

RELATED ARTICLESMORE FROM AUTHOR