The Vastflux scam campaign showed how creative attackers can be.
A massive scam campaign dubbed "Vastflux" was recently brought to a complete halt by security researchers from the Satori team at HUMAN. As part of the campaign, cybercriminals spoofed more than 1,700 apps from 120 publishers, mostly for iOS.
The name "Vastflux" combines the "VAST" video ad template the campaign used with "fast flux", an evasion method that hides malicious code by quickly changing a large number of IP addresses and DNS records associated with a single domain.
According to a HUMAN report, Vastflux generated over 12 billion requests per day at its peak and affected about 11 million devices, many of which are in the Apple iOS ecosystem.
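The fast flux behaviour described above leaves a recognisable pattern in DNS logs: one name resolving to many scattered addresses with short TTLs. The following Python sketch is an added example, not code from HUMAN or from the original article; the record layout, the sample data and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed passive-DNS observations: (unix_time, name, answer_ip, ttl_seconds).
# Names use the reserved .example TLD; addresses are private or documentation ranges.
SAMPLE_RECORDS = (
    [(1000 + 60 * i, "ads.flux.example", f"10.{i}.{i * 7 % 250}.5", 120) for i in range(12)]
    + [(1000 + 600 * i, "static.shop.example", "192.0.2.10", 3600) for i in range(6)]
    + [(1000 + 300 * i, "cdn.media.example", f"198.51.100.{20 + i % 3}", 60) for i in range(8)]
)

def flux_stats(records, window=3600):
    """Per name: distinct IPs, distinct /16 networks (IPv4) and median TTL,
    counted over the first `window` seconds of the capture."""
    if not records:
        return {}
    start = min(r[0] for r in records)
    ips, ttls = defaultdict(set), defaultdict(list)
    for ts, name, ip, ttl in records:
        if ts - start <= window:
            key = name.lower().rstrip(".")  # normalise case and trailing dot
            ips[key].add(ip_address(ip))
            ttls[key].append(ttl)
    stats = {}
    for name, addrs in ips.items():
        nets = {ip_network(f"{a}/16", strict=False) for a in addrs}
        stats[name] = {"ips": len(addrs), "nets": len(nets),
                       "median_ttl": median(ttls[name])}
    return stats

def flag_fast_flux(records, min_ips=8, min_nets=4, max_ttl=300, window=3600):
    """Flag names that rotate through many scattered addresses with short TTLs.
    All three conditions must hold: a short TTL alone also matches ordinary
    CDNs, which is why network spread is checked too. Thresholds are assumed."""
    return sorted(
        name for name, s in flux_stats(records, window).items()
        if s["ips"] >= min_ips and s["nets"] >= min_nets and s["median_ttl"] <= max_ttl
    )

if __name__ == "__main__":
    for name, s in sorted(flux_stats(SAMPLE_RECORDS).items()):
        print(name, s)
    print("flagged:", flag_fast_flux(SAMPLE_RECORDS))
```

In the constructed data only the rotating name is flagged; the CDN-like name has a short TTL but stays inside one network, so it is not.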
Learn more about Vastflux
The Satori research team discovered Vastflux while investigating a new ad fraud scheme. They noticed an application generating an unusually large number of requests using different identifiers.
Vastflux shutdown activity
HUMAN mapped Vastflux's infrastructure in detail and launched three waves of targeted actions between June and July 2022. Eventually, the Vastflux operators took their C2 servers offline for a while and reduced their operations, and on December 6th, advertising operations came to a complete halt.
Although ad fraud does not have a malicious effect on app users, it causes device performance degradation, increases battery and Internet traffic consumption, and can also cause the device to overheat.
The above symptoms are common signs of a malware infection or ad fraud on a device. If you notice them on your smartphone, try to identify the application that consumes the most resources and remove it permanently.
Video ads consume much more power than static ads, and several hidden video players running at once consume even more. It is therefore important to monitor running processes regularly and catch signs of malware early.