Researchers have discovered a huge network of fake apps that display fake ads, mainly on iOS devices.
The operation was dubbed “Vastflux” in reference to its use of the Video Ad Serving Template (VAST) specification, as well as the fast-flux technique of changing masses of IP addresses and DNS records to hide the malicious code in the bogus apps.
HUMAN's cybersecurity team discovered Vastflux while investigating another ad fraud network and found that it generated more than 12 billion ad requests per day and affected more than 11 million devices, most of them iOS.
Hidden videos
The researchers were tipped off about the campaign when they came across an app that was using multiple app IDs to generate an unhealthy number of requests.
After reverse engineering the obfuscated JavaScript code, they found the main server that the app communicated with and that sent the app its ad-generating commands.
From here, the researchers uncovered the entire network, which involved nearly 2,000 fake apps. As they explained, the malvertising in these bad apps had “a bunch of video players stacked on top of each other, paying for all the ads while none of them were visible to the person using the device.”
When it won the bids it made for displaying ad banners, Vastflux would inject the hidden JavaScript code into the banner. This would give the C2 server the data it needs to create the fake ad. Up to 25 videos would run at a time, but they would remain invisible to the user, as they would be displayed behind the active window.
To avoid detection by ad performance trackers, the scheme also did not use ad verification tags, which are required to view performance statistics.
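The traits described above (one app using multiple app IDs, up to 25 videos running at once, no ad verification tags) can be checked on the ad-request side. The Python below is an added example, not HUMAN's detection code; the record fields, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed records (not real telemetry). Assumed fields:
# (session_id = one running app instance, declared_app_id,
#  request_time_seconds, has_verification_tag)
def build_sample():
    rows = [("sess-A", "com.example.news", t, True) for t in (0.0, 31.0, 62.0)]
    # sess-B: one app instance declaring four app IDs, 25 video ad requests
    # in a single burst, none carrying a verification tag.
    apps = ["com.example.a", "com.example.b", "com.example.c", "com.example.d"]
    rows += [("sess-B", apps[i % 4], 100.0 + i * 0.01, False) for i in range(25)]
    return rows

def max_burst(times, window):
    """Largest number of requests falling inside any `window`-second span."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def flag_sessions(rows, max_app_ids=1, max_concurrent=5, window=1.0):
    """Return {session_id: [reasons]} for sessions showing the described traits."""
    by_session = defaultdict(list)
    for session, app, ts, tagged in rows:
        by_session[session].append((app, ts, tagged))
    flagged = {}
    for session, reqs in by_session.items():
        reasons = []
        app_ids = {app for app, _, _ in reqs}
        if len(app_ids) > max_app_ids:
            reasons.append(f"{len(app_ids)} app IDs declared by one app instance")
        burst = max_burst([ts for _, ts, _ in reqs], window)
        if burst > max_concurrent:
            reasons.append(f"{burst} video ad requests within {window}s")
        if not any(tagged for _, _, tagged in reqs):
            reasons.append("no ad verification tags")
        if len(reasons) >= 2:  # require two signals to limit false positives
            flagged[session] = reasons
    return flagged

if __name__ == "__main__":
    for session, reasons in flag_sessions(build_sample()).items():
        print(session, "->", "; ".join(reasons))
```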
HUMAN launched a series of targeted attacks against Vastflux between June and July 2022, with the help of customers and the counterfeited brands. December 2022.
While the campaign didn’t seem to have had a major impact on the security of the infected devices, it did cause performance issues, battery drain and, in some cases, overheating.
These are typical signs of an infection, so be wary if you notice your device behaving this way. While you cannot track the usage of performance-related hardware like CPU and RAM on an iPhone by default, there are third-party apps that can. You can also view battery usage on iOS under the device settings, which can indicate the presence of suspicious apps.