From securityweek.com
Dubbed VastFlux, the scheme relied on JavaScript code injected into digital ad creatives, which resulted in fake ads being stacked behind one another to generate revenue for the fraudsters. More than 11 million devices were impacted in the scheme.
The JavaScript code used by the fraudsters allowed them to stack multiple video players on top of one another, generating ad revenue when, in fact, the user was never shown the ads.
VastFlux, Human says, was an adaptation of an ad fraud scheme identified in 2020, targeting in-app environments that run ads, especially on iOS, and deploying code that allowed the fraudsters to evade ad verification tags.