Ad fraud is a major issue in the digital advertising industry, costing businesses billions of dollars each year. Recently, a massive iOS ad fraud operation known as “Vastflux” was disrupted by security researchers at the cybersecurity company HUMAN. This operation was particularly noteworthy as it spoofed more than 1,700 applications from 120 publishers, mostly for iOS devices.
At its peak, Vastflux generated over 12 billion bid requests per day and impacted almost 11 million devices, many in Apple’s iOS ecosystem. The operation’s name came from the VAST ad-serving template and the “fast flux” evasion technique, which conceals malicious code by rapidly changing many IP addresses and DNS records associated with a single domain.
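The following is an added example, not code from HUMAN or from the original article: a heuristic that flags fast-flux-like domains in passive-DNS records by counting distinct IPs and /24 prefixes seen for one domain inside a short window. The log format, domain names, and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed passive-DNS records: "timestamp domain ttl ip" (documentation IP ranges).
SAMPLE_LOG = """\
2022-06-01T10:00:00 ads.flux-example.test 60 198.51.100.10
2022-06-01T10:01:00 ads.flux-example.test 60 203.0.113.77
2022-06-01T10:02:00 ads.flux-example.test 60 192.0.2.45
2022-06-01T10:03:00 ads.flux-example.test 60 198.51.100.200
2022-06-01T10:04:00 ads.flux-example.test 60 203.0.113.5
2022-06-01T10:00:00 lb.pool-example.test 60 192.0.2.1
2022-06-01T10:01:00 lb.pool-example.test 60 192.0.2.2
2022-06-01T10:02:00 lb.pool-example.test 60 192.0.2.3
2022-06-01T10:03:00 lb.pool-example.test 60 192.0.2.4
2022-06-01T10:04:00 lb.pool-example.test 60 192.0.2.5
2022-06-01T10:00:00 www.stable-example.test 3600 198.51.100.7
2022-06-01T16:00:00 www.stable-example.test 3600 198.51.100.8
"""

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, domain, ttl, ip = line.split()
            yield datetime.fromisoformat(ts), domain.lower(), int(ttl), ip

def fast_flux_candidates(log, window=timedelta(minutes=10),
                         min_ips=5, min_prefixes=3, max_ttl=300):
    """Return {domain: peak distinct IPs} for domains that rotate A records quickly."""
    by_domain = defaultdict(list)
    for rec in parse(log):
        by_domain[rec[1]].append(rec)
    hits = {}
    for domain, recs in by_domain.items():
        recs.sort()
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1  # slide the window forward
            span = recs[start:end + 1]
            ips = {r[3] for r in span}
            prefixes = {ip.rsplit(".", 1)[0] for ip in ips}  # crude /24 grouping
            # Many IPs, spread over several networks, all short-lived: flux-like.
            if (len(ips) >= min_ips and len(prefixes) >= min_prefixes
                    and max(r[2] for r in span) <= max_ttl):
                hits[domain] = max(hits.get(domain, 0), len(ips))
    return hits

if __name__ == "__main__":
    print(fast_flux_candidates(SAMPLE_LOG))
```

The prefix-diversity check is what keeps the constructed load-balancer pool (five short-TTL addresses in one /24) from being flagged alongside the flux-like domain.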
Vastflux investigation on iOS fraud
What the mapping reveals
To evade detection, Vastflux omitted ad verification tags, which allow marketers to generate performance metrics. Without these tags, the scheme was invisible to most third-party ad-performance trackers.
Having mapped the infrastructure for the Vastflux operation, HUMAN launched three waves of targeted action between June and July 2022. These waves involved customers, partners, and spoofed brands, each delivering a blow to the fraudulent activity. Eventually, Vastflux took its C2 servers offline for a while and scaled down its operations. On December 6, 2022, the ad bids went down to zero for the first time.
Ad fraud not only causes financial losses for businesses, but it can also have a negative impact on the user experience. Ad fraud can cause performance drops for devices, increase the use of battery and internet data, and even lead to device overheating. These are common signs of adware infections or ad fraud on a device, and users should be aware of these signs and try to pinpoint the app(s) that are causing the issue. Video ads consume much more power than static ads, and multiple hidden video players can be difficult to detect with performance monitors. Therefore, it’s crucial for users to always keep an eye on running processes and look for signs of trouble.
In conclusion, the Vastflux ad fraud operation was a significant threat to the digital advertising industry, spoofing over 1,700 applications and impacting almost 11 million devices. HUMAN’s research team disrupted this operation and brought an end to its fraudulent activity. Ad fraud not only causes financial losses for businesses, but it can also negatively impact the user experience. It is important for both businesses and users to be aware of the signs of ad fraud and take steps to protect themselves from it.