The operation was shut down through a private takedown led by HUMAN's Satori Threat Intelligence and Research Team, according to the company.
The Satori team found VASTFLUX while it was investigating an iOS app that was impacted by an app spoofing attack. It uncovered a "very sophisticated scheme the limited signal available to verification partners in the environment they targeted," HUMAN said.
A Closer Look at VASTFLUX
The name "VASTFLUX" comes from the combination of "fast flux," which is an evasion technique used by cybercriminals, and VAST, the digital video ad serving template that cybercriminals exploited, HUMAN noted. During the operation, cybercriminals stacked dozens of video ads on top of one another. From here, they registered views for ads that were invisible to the end-user.
Ultimately, HUMAN deployed three mitigation measures to protect its customers from VASTFLUX, followed by a private takedown, the company stated. VASTFLUX accounted for more than 12 billion fraudulent ad requests a day and impacted nearly 11 million devices at its peak. It also represents the biggest operation uncovered by Satori to date.
HUMAN Identifies Scylla Ad Fraud Operation
The VASTFLUX news comes after HUMAN in September 2022 discovered the Scylla operation, which featured more than 75 Android apps and 10 iOS apps that cybercriminals used ad fraud. During Scylla, cybercriminals targeted advertising software development kits (SDKs) within Android and iOS apps that were collectively downloaded more than 13 million times, HUMAN stated.
Meanwhile, HUMAN continues to look for VASTFLUX, Scylla and other ad fraud operators. The company also provides cybersecurity solutions that global brands can use to guard account abuse, bots and fraud.