Security experts take down spam network hitting millions of iOS devices
Researchers have uncovered a huge network of fake apps running fake ads, mainly on iOS devices.
The operation was named ‘Vastflux’ in reference to its use of the Video Ad Serving Template specification, as well as the fast-flux technique to change masses of IP addresses and DNS records to hide the malicious code within the fake apps.
Cybersecurity Team HUMAN discovered Vastflux during an investigation of another ad-fraud network, finding that it generated over 12 billion ad bid requests a day and affected over 11 million devices, most of which were iOS.
Hidden videos
The researchers were tipped off to the campaign when they stumbled across an app that was using multiple app IDs to generate an unhealthy amount of requests.
After reverse engineering the obfuscated JavaScript code, they found the main server the app was in communication with and which sent the app the ad-generating commands.
From here, the researchers uncovered the whole network, which involved nearly 2,000 fake apps. As they explained, the malvertising in these bad apps had “stacked a whole bunch of video players on top of one another, getting paid for all of the ads when none of them were visible to the person using the device.”
When it won the bids it made for displaying ad banners, Vastflux would inject the hidden JavaScript code into it. This would the C2 server to get the data needed to make the fake ad. Up to 25 videos would be running simultaneously, but remain invisible to the user as they would be displayed behind the active window.
The scheme also didn’t use ad verification tags, needed to view performance metrics, in order to avoid detection from ad-performance trackers.
HUMAN, with the help of customers and the brands who were spoofed, launched a series of targeted attacks on Vastflux between June and July 2022. The C2 servers then went offline after a while as their operations wound down, until all ad bids reached zero in December 2022.
Although the campaign did not appear to have had a major security impact on the infected devices, it did cause performance issues, battery drain and overheating in some cases.
These are typical signs of an infection, so pay heed if your notice hits like this to your device. Although you cannot monitor the usage of performance-related hardware such as CPU and RAM on an iPhone natively, there are third party apps that can. Also, you can view the battery usage on iOS under the device settings, which may give some indication to the presence of suspect apps.
Audio player loading… Researchers have uncovered a huge network of fake apps running fake ads, mainly on iOS devices. The operation was named ‘Vastflux’ in reference to its use of the Video Ad Serving Template specification, as well as the fast-flux technique to change masses of IP addresses and DNS…
Recent Posts
- I thought screens on earbuds cases were a bit meh – but JBL just proved me wrong
- How much would you pay for this prototype Super Famicom with a headphone jack?
- Google’s AI plans now include cybersecurity
- Microsoft ramps up plans to capture carbon from burning wood
- How to Watch the Boeing Starliner Launch
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011