A new report has concluded that over 11 million Android and iPhone users have unknowingly been the target of an ad-fraud scheme. The scheme, called Vastflux, is one of the biggest ad-fraud operations ever discovered.
The scheme works by attacking the online advertising ecosystem behind the automated ad industry, also known as programmatic advertising. It's a huge business, with $418 billion spent on it last year alone.
12 billion requests per day
The report by Wired indicated that the scheme impacted 11 million phones, with the attackers spoofing 1,700 apps and targeting 120 publishers. Researchers at cyber firm Human Security uncovered the organised attack, which at its peak was making 12 billion requests for ads per day.
The hackers needed to hijack just one ad slot, embedding their malicious code after winning the auction for that ad space. The programme meant that one advert could multiply into 25 different video ads beneath the surface whilst only showing one, which looked just like any other ad.
This enabled the fraudsters to make huge amounts of money from a large number of advertisements, while phone users would be unaware it was even going on.
How to detect the fraud
Marion Habiby, a data scientist at Human Security and the lead researcher on the case, described how the attack was both one of the most sophisticated and largest the company had seen, as per Wired:
It is clear the bad actors were well organized and went to great lengths to avoid detection, making sure the attack would run as long as possible—making as much money as possible.
Signs that it was happening on your phone are difficult to spot but could include the phone turning off suddenly or big, unexplained increases in data usage.
Experts also suggested keeping an eye on the performance of an app and whether it slows down suddenly or crashes frequently, as per The Sun.
Whilst phone users may have seen performance issues with their phones, it will not have caused any financial loss, and it now seems the operation has been shut down since Human Security exposed the scheme.
Sources used:
- Wired 'A Sneaky Ad Scam Tore Through 11 Million Phones'
- The Sun 'Over 11million iPhone and Android owners have ‘criminal’ app – check yours now'