Experts dismantle a fake ad network affecting millions of iPhones
Information security researchers have discovered a large network of rogue apps that display fake ads, particularly on Apple iPhones.
The operation is called Vastflux because it uses the Video Ad Serving Template (VAST) specification along with flux technology, which modifies blocks of Internet Protocol (IP) addresses and Domain Name System (DNS) records to disguise malicious code.
Operation Vastflux was exposed by HUMAN's cybersecurity team while it was investigating another ad fraud ring. The team found that more than 11 million devices were affected, mostly iOS and Apple devices, generating more than 12 billion bid requests per day. Note that a bid request is a piece of code used to sell visual ads. Bid requests allow visitors to see the ads most relevant to them and allow multiple advertisers to use the same ad on a given publisher platform.
Researchers uncovered the campaign when they found an app that was generating an unusual number of requests with multiple app IDs. After reverse engineering the obfuscated JavaScript code, they located the main server the app was communicating with, which had received commands from the app to create ads.
From there, the researchers explored the entire network, which included nearly 2,000 rogue apps. In these rogue apps, they explain, malicious ads stack a whole bunch of video players on top of each other, and the network pays for all the ads even if the person using the device can't see them.
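The two signals described above (one app issuing requests under multiple app IDs, and video players stacked on top of each other) can be checked in ad telemetry. The Python sketch below is an added example, not HUMAN's detection code; the record layout, the notion of a session ID, the thresholds and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real telemetry). Assumed layout:
# (session_id, declared_app_id, playback_start_s, playback_end_s)
SAMPLE = [
    ("s1", "com.example.game", 0, 30),
    ("s1", "com.example.game", 40, 70),
    ("s2", "com.example.puzzle", 0, 30),
    ("s2", "com.example.news", 1, 31),
    ("s2", "com.example.weather", 2, 32),
    ("s2", "com.example.chat", 3, 33),
    ("s2", "com.example.puzzle", 50, 80),
]

def max_concurrent(intervals):
    """Peak number of playbacks overlapping in time (sweep line)."""
    # (t, -1) sorts before (t, +1), so back-to-back ads are not counted as stacked.
    events = sorted([(s, 1) for s, _ in intervals] + [(e, -1) for _, e in intervals])
    peak = current = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak

def flag_sessions(records, max_app_ids=1, max_stack=1):
    """Return {session_id: reasons} for sessions exceeding either threshold."""
    app_ids = defaultdict(set)
    plays = defaultdict(list)
    for session, app_id, start, end in records:
        app_ids[session].add(app_id)
        plays[session].append((start, end))
    flagged = {}
    for session in app_ids:
        reasons = []
        if len(app_ids[session]) > max_app_ids:
            reasons.append(f"{len(app_ids[session])} distinct app IDs")
        stack = max_concurrent(plays[session])
        if stack > max_stack:
            reasons.append(f"{stack} concurrent video players")
        if reasons:
            flagged[session] = reasons
    return flagged

if __name__ == "__main__":
    for session, reasons in flag_sessions(SAMPLE).items():
        print(session, "->", "; ".join(reasons))
```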
Using fake clients and brands, HUMAN launched a series of targeted attacks on Vastflux between June and July 2022, then crashed the network's command-and-control servers after a while until the shows arrived last December.
The activity may seem harmless and has little impact on the security of the infected device, but in some cases it can lead to performance issues, battery drain, and overheating.
Since there is no native way to monitor hardware usage such as CPU and RAM on the iPhone, third-party apps can be used. Displaying the battery percentage can also be enabled in the device settings. If the percentage is unusually low, this may indicate a suspicious app.