Traffic signals: The VASTFLUX Takedown
Any good raconteur will tell you the best stories often happen when you’re not specifically looking for them. Such is the case with the Satori Threat Intelligence and Research Team’s latest takedown of a scheme we’ve dubbed VASTFLUX. The team came across unexpected web traffic patterns passing through a popular app, and while digging through that app, the Satori team uncovered a rabbit hole that got deeper and deeper the more they explored.
What the team pieced together was an expansive malvertising operation in which the bad actors injected JavaScript into ad creatives they issued, and then stacked a whole bunch of video players on top of one another, getting paid for all of the ads when none of them were visible to the person using the device.
The now-defunct VASTFLUX is an apparent adaptation of an earlier ad fraud scheme first reported in 2020. VASTFLUX evaded ad verification tags, deploying code that prevented detection of the scheme.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25408886/post_logo.png){kind=logo}
