    Malicious Code made a fortune for Its Creators


    The Vastflux scam campaign showed how creative attackers can be.

    A massive scam campaign dubbed "Vastflux" was recently brought to a complete halt by security researchers from the Satori division of HUMAN. As part of the campaign, cybercriminals spoofed more than 1,700 apps from 120 publishers, mostly for iOS.

    The campaign was named "Vastflux" after the "VAST" video ad template it used and the "fast flux" evasion method, which hides malicious code by quickly changing a large number of IP addresses and DNS records associated with a single domain.

    According to a HUMAN report, Vastflux generated over 12 billion requests per day at its peak and affected about 11 million devices, many of which are in the Apple iOS ecosystem.

    Learn more about Vastflux

    The Satori research team discovered Vastflux while investigating a new ad fraud scheme. They noticed that an application was generating an unusually large number of requests using different identifiers.

    The researchers reverse-engineered the obfuscated JavaScript code that was running in the app and discovered the IP address of the command and control (C2) server it was communicating with, as well as the commands it sent to generate ads.

    HUMAN said that in the fraudulent campaign the attackers injected malicious JavaScript code into advertisements and then "layered" video players with ads on top of each other, in such a way that none of them was visible to the user: they were all displayed behind the active window. Each video that was launched nevertheless earned money for the cyber bandits. By layering in this way they ran up to 25 video players at the same time. We can say for sure that the hackers managed to make decent money from this enterprise.
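
    The two signals described above (one device sending requests under many different identifiers, and many video players running at once) can be checked in ad-request logs. The following is an added example, not code from HUMAN or from the original article; the log format, the field names and both thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime


def build_sample():
    """Constructed log lines: 'timestamp device_id claimed_app_id event'."""
    lines = [
        "2022-06-01T10:00:05 dev-A com.example.news video_start",
        "2022-06-01T10:00:40 dev-A com.example.news video_start",
        "truncated line",  # malformed input must not break the scan
    ]
    # dev-B starts 25 videos within one minute and claims 5 different apps.
    for i in range(25):
        lines.append(
            f"2022-06-01T10:00:{i:02d} dev-B com.example.app{i % 5} video_start"
        )
    return lines


def flag_devices(lines, max_apps=2, max_videos=5):
    """Group video starts per device and minute; return the windows that
    exceed either threshold as {device: [(minute, videos, distinct_apps)]}.
    Both thresholds are illustrative assumptions, not published values."""
    windows = defaultdict(lambda: {"videos": 0, "apps": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != "video_start":
            continue  # skip malformed lines and other event types
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        key = (parts[1], ts.replace(second=0, microsecond=0))
        windows[key]["videos"] += 1
        windows[key]["apps"].add(parts[2])

    flagged = defaultdict(list)
    for device, minute in sorted(windows):
        w = windows[(device, minute)]
        if w["videos"] > max_videos or len(w["apps"]) > max_apps:
            flagged[device].append(
                (minute.isoformat(), w["videos"], len(w["apps"]))
            )
    return dict(flagged)


if __name__ == "__main__":
    for device, hits in flag_devices(build_sample()).items():
        print(device, hits)
```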

    Vastflux shutdown Activity

    HUMAN mapped Vastflux's infrastructure in detail and launched three waves of targeted actions between June and July 2022. Eventually, Vastflux took their C2 servers offline for a while and reduced their operations, and on December 6th, advertising operations came to a complete halt.

    Although ad fraud does not have a malicious effect on app users, it causes device performance degradation, increases battery and Internet traffic consumption, and can also cause the device to overheat.

    The above symptoms are common signs of a malware infection or ad fraud on a device. If you find something like this on your smartphone, you should try to identify the application that consumes most of the resources and get rid of it forever.

    Video ads consume much more power than static ads, and several hidden video players running at once consume even more. Therefore, it is very important to always monitor running processes and detect signs of malware in time.

    Author DeepWeb