Vastflux: The Ad Fraud Scheme That Made Its Creators Rich

The Vastflux ad fraud campaign showed how creative attackers can be.

A massive ad fraud campaign dubbed “Vastflux” was recently brought to a complete halt by security researchers from Satori, the threat intelligence and research team at HUMAN. As part of the campaign, cybercriminals spoofed more than 1,700 apps from 120 publishers, mostly on iOS.

The scheme was named “Vastflux” after two of its ingredients: the VAST video ad template the fraudulent ads were built on, and the “fast flux” evasion technique, in which a large number of IP addresses and DNS records associated with a single domain are rotated quickly so that the infrastructure behind the malicious code is hard to pin down and block.

According to HUMAN’s report, Vastflux generated over 12 billion ad requests per day at its peak and affected about 11 million devices, many of them in the Apple iOS ecosystem.
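The fast-flux behaviour described above leaves a measurable trace in DNS: one name answering with many different addresses, spread across unrelated networks, each with a short TTL so that clients re-resolve constantly. The following is an added example (not code from HUMAN or from the Vastflux report) of a triage heuristic over constructed DNS answer records; the domain names, addresses (taken from the documentation ranges) and thresholds are invented for the example and are not Vastflux indicators.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of resolver answers as (qname, answer_ip, ttl_seconds).
# Names and addresses are made up for this example; they are not indicators
# from the Vastflux investigation.
SAMPLE_ANSWERS = [
    ("ads-cdn.example", "203.0.113.10", 60),
    ("ads-cdn.example", "198.51.100.22", 60),
    ("ads-cdn.example", "192.0.2.77", 45),
    ("ads-cdn.example", "203.0.113.200", 60),
    ("ads-cdn.example", "198.51.100.9", 30),
    ("ads-cdn.example", "192.0.2.150", 60),
    ("static.example", "203.0.113.50", 3600),
    ("static.example", "203.0.113.51", 3600),
]


def analyze_domains(answers, min_unique_ips=5, max_ttl=300, min_prefixes=3):
    """Per-domain fast-flux heuristic.

    A name is flagged when it has returned many distinct IPv4 answers,
    those answers are spread over several /16 prefixes (a rough stand-in
    for "hosted on several unrelated networks"), and the smallest TTL
    seen is short enough that clients re-resolve often.
    The thresholds are assumed values chosen for this example.
    """
    ips = defaultdict(set)
    ttls = defaultdict(list)
    for qname, answer, ttl in answers:
        ips[qname].add(str(ipaddress.ip_address(answer)))  # validates the address
        ttls[qname].append(int(ttl))

    report = {}
    for qname, addrs in ips.items():
        # strict=False lets ip_network zero out the host bits for us
        prefixes = {str(ipaddress.ip_network(f"{ip}/16", strict=False)) for ip in addrs}
        min_ttl = min(ttls[qname])
        flagged = (
            len(addrs) >= min_unique_ips
            and len(prefixes) >= min_prefixes
            and min_ttl <= max_ttl
        )
        report[qname] = {
            "unique_ips": len(addrs),
            "prefixes": len(prefixes),
            "min_ttl": min_ttl,
            "flagged": flagged,
        }
    return report


if __name__ == "__main__":
    for qname, stats in analyze_domains(SAMPLE_ANSWERS).items():
        print(qname, stats)
```

Treat a hit as a reason to look closer, not as proof: large CDNs and load balancers also answer with many addresses and short TTLs, so in practice this score is combined with other signals (domain age, registrar, the requesting app) before anything is blocked.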

How Vastflux worked

The Satori research team discovered Vastflux while investigating a different ad fraud scheme. They noticed that an application was generating an unusually large number of ad requests, each carrying different app identifiers.

The researchers reverse-engineered the obfuscated JavaScript running inside the app and recovered the IP address of the command and control (C2) server it was talking to, as well as the commands that server sent to trigger ad requests.

According to HUMAN, the attackers injected malicious JavaScript into the ad creative itself. That script then stacked video players with ads on top of one another inside a single ad slot, so that none of them was visible to the user: every player but the top one sat hidden behind the ad that was actually displayed. Each hidden player still registered an ad impression and was paid for, and the script stacked up to 25 video players at the same time in one slot. With that many paid impressions per visible ad, the operators clearly made a great deal of money from the scheme.
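The stacking trick above is what ad verification vendors catch with viewability measurement: a player whose box is almost entirely covered by a higher player, or pushed off-screen, cannot have been seen. The following is an added example (not HUMAN’s code and not Vastflux’s script) that models a set of rendered players as rectangles with a stacking order and reports which ones are hidden; the viewport size, the 50% threshold and the 25-player stack are constructed inputs chosen to mirror the behaviour described in the article.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Player:
    """A rendered video player: its box in viewport pixels and its
    stacking order (a higher z is drawn on top of a lower one)."""
    player_id: str
    x: int
    y: int
    w: int
    h: int
    z: int


def visible_fraction(players, viewport_w, viewport_h, step=4):
    """Fraction of each player's area that lies inside the viewport and is
    not covered by a player with a higher z. The area is sampled on a grid
    of `step` pixels rather than computed exactly, which is accurate enough
    to classify players as viewable or hidden."""
    by_z_desc = sorted(players, key=lambda p: p.z, reverse=True)
    fractions = {}
    for p in players:
        samples = visible = 0
        for sx in range(p.x, p.x + p.w, step):
            for sy in range(p.y, p.y + p.h, step):
                samples += 1
                if not (0 <= sx < viewport_w and 0 <= sy < viewport_h):
                    continue  # off-screen sample: never visible
                # The topmost player containing this point; p itself always
                # contains it, so next() cannot run out of candidates.
                topmost = next(q for q in by_z_desc
                               if q.x <= sx < q.x + q.w and q.y <= sy < q.y + q.h)
                if topmost is p:
                    visible += 1
        fractions[p.player_id] = visible / samples if samples else 0.0
    return fractions


def stacking_report(players, viewport_w, viewport_h, min_viewable=0.5):
    """Split players into viewable and hidden. The 50% in-view threshold is
    an assumed value for this example, in the spirit of common viewability
    standards, not a figure from the Vastflux report."""
    fractions = visible_fraction(players, viewport_w, viewport_h)
    viewable = sorted(pid for pid, f in fractions.items() if f >= min_viewable)
    hidden = sorted(pid for pid, f in fractions.items() if f < min_viewable)
    return {"viewable": viewable, "hidden": hidden, "stacked": len(hidden) > 0}


def build_stack(n, x=10, y=100, w=300, h=250):
    """Constructed input: n players rendered in the same slot, one on top
    of another, the way the article describes the stacked ads."""
    return [Player(f"player-{i}", x, y, w, h, z=i) for i in range(n)]


if __name__ == "__main__":
    report = stacking_report(build_stack(25), viewport_w=320, viewport_h=480)
    print(f"viewable: {report['viewable']}, hidden: {len(report['hidden'])}")
```

In a real SDK the rectangles come from the layout engine (an `IntersectionObserver` in a web view, or the view hierarchy in a native app) rather than being constructed, and the check runs repeatedly during playback; the classification logic, however, is the same: one slot, one viewable player, and every additional player counted as a fraudulent impression.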

Figure: rendering multiple invisible video ads

Stopping Vastflux

HUMAN mapped Vastflux’s infrastructure in detail and launched three waves of targeted actions between June and July 2022. The operators responded by taking their C2 servers offline for a time and scaling back their activity, and on December 6th the fraudulent ad traffic stopped completely.

Figure: Vastflux shutdown timeline

Although this kind of ad fraud does not steal data from app users, it is not harmless to them: the hidden players degrade device performance, drain the battery, consume mobile data, and can cause the device to overheat.

These symptoms are common signs of a malware infection or of ad fraud running on a device. If you notice them on your smartphone, try to identify the application that is consuming most of the resources and uninstall it.

Video ads consume far more power than static ads, and several hidden video players playing at once consume more still. It is therefore worth keeping an eye on which apps use battery and data out of proportion to how you actually use them, so that signs of abuse are caught early.

