HUMAN Security Stops VASTFLUX Digital Ad Fraud Operation

HUMAN Security has stopped VASTFLUX, a digital ad fraud operation in which cybercriminals injected malicious JavaScript code into their ads.

The operation was shut down through a private takedown led by HUMAN's Satori Threat Intelligence and Research Team, according to the company.

The Satori team found VASTFLUX while it was investigating an iOS app that was impacted by an app spoofing attack. It uncovered a "very sophisticated scheme the limited signal available to verification partners in the environment they targeted," HUMAN said.

A Closer Look at VASTFLUX

The name "VASTFLUX" comes from the combination of "fast flux," which is an evasion technique used by cybercriminals, and VAST, the digital video ad serving template that cybercriminals exploited, HUMAN noted. During the operation, cybercriminals stacked dozens of video ads on top of one another. From here, they registered views for ads that were invisible to the end-user.

Ultimately, HUMAN deployed three mitigation measures to protect its customers from VASTFLUX, followed by a private takedown, the company stated. VASTFLUX accounted for more than 12 billion fraudulent ad requests a day and impacted nearly 11 million devices at its peak. It also represents the biggest operation uncovered by Satori to date.

HUMAN Identifies Scylla Ad Fraud Operation

The VASTFLUX news comes after HUMAN in September 2022 discovered the Scylla operation, which featured more than 75 Android apps and 10 iOS apps that cybercriminals used for ad fraud. During Scylla, cybercriminals targeted advertising software development kits (SDKs) within Android and iOS apps that were collectively downloaded more than 13 million times, HUMAN stated.

Meanwhile, HUMAN continues to look for VASTFLUX, Scylla and other ad fraud operators. The company also provides cybersecurity solutions that global brands can use to guard against account abuse, bots and fraud.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.