HUMAN takes down ad fraud operation targeting 120 publishers

HUMAN last week took down an ad fraud operation, named VASTFLUX, where over 1,700 apps were spoofed with invisible video ads. 120 publishers were targeted.

The attack injected JavaScript code into digital ads, allowing the fraudsters to stack dozens of video ads on top of one another and registering views for ads completely invisible to the user.

HUMAN says this was a highly sophisticated ad fraud operation, able to run ads on nearly 11 million devices, and reaching a peak volume of 12 billion ad requests a day.

“What was technically impressive and incredibly concerning about VASTFLUX was the fraudsters hijacked impressions on legitimate apps, which makes it nearly impossible for users to tell if they are impacted,” said Gavin Reid, HUMAN’s newly-appointed CISO. “Orchestrating a private takedown of this magnitude and severity is no small feat, and I want to take a moment to thank all involved, including the HUMAN Satori Threat Intelligence and Research Team, the team at clean.io and the industry leaders who make up The Human Collective who are dedicated to making the programmatic ecosystem safe and human.”