10 Key Things You Need to Know About the Sophisticated Vastflux Ad Fraud Scheme

At the end of April 2015, researchers from Distil Networks reported the discovery of a sophisticated ad fraud network, Vastflux, which had been around since at least January 2014. The network used sophisticated malware targeting both iOS and Android users and spanned over 1,700 apps. Vastflux was an advanced mobile ad fraud that operated by spoofing spoofing popular apps, hijacking network traffic and inserting malicious ads. These ads would hijack users and serve them with targeted click fraud advertisements. Furthermore, the ad fraud network would monetise by collecting ad revenue from those ads. The Disruptor approach used by Distil Networks allowed them to take effective steps to terminate the malicious advertising. They shut down the command and control servers and websites used to manage the network, making it difficult for the fraudsters to continue operating. The campaign was a notable success as hundreds of apps were taken off the app stores and the routers responsible for the malicious advertising were terminated. Moreover, it exhibited a pattern of sophisticated techniques which are used in campaigns similar to Vastflux. When it comes to identifying and preventing similar future fraud attacks here are 10 things you need to know: 1. Be aware of spoofed apps. It’s important to keep track of the legitimate apps being released and try to identify any imitations. 2. Monitor apps for malicious behaviour. The earliest signaries of an app being compromised could be an increase in network traffic, or a change in user behaviour patterns. 3. Keep an eye on third-party ads. Malicious advertisements often have different coding from legitimate advertisements and can be identified by their behaviour. 4. Increase vigilance on app stores. shady apps can hide in plain sight and updating check could help to catch malicious apps before they are unleashed on unsuspecting users. 5. Review app permissions. Many malicious apps get consent to access user information and can also gain access to other apps and data. 6. Add ad fraud detection and prevention tools. Security technologies exist to monitor and block malicious advertising. 7. Disable third-party app stores. Often users install third-party apps without realizing they represent an additional risk. 8. Raise user awareness. Familiarizing users with the signs of ad fraud and the preventive steps they need to take helps minimizes the risks. 9. Implement strict app vetting. Make sure all apps submitted to the app store pass a rigorous check process to guarantee the content’s safety. 10. Distribute updates regularly. This can provide new security patches for existing apps as well as new features, thus reducing the chances of exploitation. These measures, combined with vigilance and constant monitoring, can help make sure apps are safe from fraudsters’ attempts to hijack your users with malicious advertising.

This Cyber News was published on www.securityweek.com. Publication date: Tue, 24 Jan 2023 03:31:02 +0000


Cyber News related to 10 Key Things You Need to Know About the Sophisticated Vastflux Ad Fraud Scheme

Comprehensive Guide to Fraud Detection, Management, & Analysis - To mitigate risks, businesses can use risk management strategies, including fraud detection software, company policies, and staff ranging from risk managers and trust officers to fraud analysts. Affiliate Fraud - Affiliates in a marketing arrangement ...
9 months ago Securityboulevard.com
Uncovering VastFlux: The Inner Workings of a Sophisticated Fraud Scheme - In recent years, cybercrime has become an increasing threat, both to businesses and individuals. VastFlux is one of the latest examples of a sophisticated fraud scheme, which is used by cybercriminals to carry out online fraud. This malware is ...
1 year ago Securityaffairs.com
10 Key Things You Need to Know About the Sophisticated Vastflux Ad Fraud Scheme - At the end of April 2015, researchers from Distil Networks reported the discovery of a sophisticated ad fraud network, Vastflux, which had been around since at least January 2014. The network used sophisticated malware targeting both iOS and Android ...
1 year ago Securityweek.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 week ago Aws.amazon.com
Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds - Threat actors undertaking identity fraud have been using deepfakes ten times more in 2023 than in 2022, according to digital identity verification solutions provider Sumsub. In its third annual Identity Fraud Report, published on November 28, 2023, ...
10 months ago Infosecurity-magazine.com
5 Fraud Prevention Strategies That Help Companies Ward Off Cyber Attacks - According to PwC's 2022 survey, over half of companies experienced fraud in the past two years, the highest in 20 years of research. From cyber-attacks to wire fraud to dishonest employees, there's no shortage of threats that aim to profit off your ...
9 months ago Hackread.com
Identity Fraud Rises as E-Commerce, Payment Firms Targeted - An analysis of global customer data has highlighted a 20% increase in overall fraud incidents compared to last year, largely attributed to the surge in impersonation fraud and the accessibility of sophisticated attack methods and tools. The gaming, ...
10 months ago Securityboulevard.com
What is Word Unscrambler In Gaming? - Are you tired of getting stuck on those tricky word puzzles in your favourite mobile game? Have you ever wished for a tool to help unscramble those seemingly impossible words? Look no further because the word unscrambler is here to save the day! This ...
1 year ago Hackread.com
Fighting the Next Generation of Fraud - In today's digital age, the landscape of fraud is evolving at an alarming pace. In 2022, 20-59-year-olds reported 63% of all fraud in the United States. Fraudsters have been quick to harness the potential of generative AI to perpetrate various ...
10 months ago Securityboulevard.com
Does Less Consumer Tracking Lead to Less Fraud? - Authors Bo Bian, Michaela Pagel and Huan Tang investigated the relationship between the rollout of Apple's App Tracking Transparency and reports of consumer financial fraud. By default, Apple's ATT opted all iPhone users out of tracking, which meant ...
9 months ago Eff.org
How to Set Up a VLAN in 12 Steps: Creation & Configuration - Each VLAN configuration process will look a little different, depending on the specifications you bring to the table, and some of these steps - particularly steps five through eight - may be completed simultaneously, in a slightly different order, or ...
9 months ago Esecurityplanet.com
VMware vCenter RCE Vulnerability: What You Need to Know - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
3 months ago Securityboulevard.com
Should I get CISSP Certified? - CISSP's reputation as a certification is for being 'a mile wide and an inch deep'. That's a limitation too - CISSP means you understand something, but not that you know how to do it. But the exam is a six-hour marathon consisting of a vast array of ...
8 months ago Securityboulevard.com
Less is more: Conquer your digital clutter before it conquers you - In case you missed it, last week was Data Privacy Week, an awareness campaign to remind everybody that any of our online activities creates a trail of data and that we need to better manage our personal information online. Increasingly, we live our ...
1 year ago Welivesecurity.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
1 week ago Aws.amazon.com
Anti-Fraud Project Boosts Security of African, Asian Financial Systems - A nonprofit has launched the first open source platform aimed at delivering sophisticated anti-fraud capabilities to financial systems in Africa as well as parts of Asia and the Middle East. The Tazama open source project is real-time financial ...
7 months ago Darkreading.com
5 Types of Crypto You Didn't Know Existed - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
6 months ago Hackread.com
DataVisor integrates SMS customer verification into its platform - DataVisor announced the expansion of its end-to-end platform capabilities with the integration of SMS customer verification for fraudulent transactions. This new offering, powered by Twilio technology, provides customers with enhanced fraud ...
10 months ago Helpnetsecurity.com
NFTs magnets for fraud, but not terrorists, says US Treasury The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
4 months ago Go.theregister.com
NFTs magnets for fraud, but not terrorists, says US Treasury The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
4 months ago Theregister.com
Scattered Spider: Evolving & Resilient Group Proves Need for Constant Defender Vigilance - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
3 months ago Securityboulevard.com
AsyncRAT Infiltrates Key US Infrastructure Through GIFs and SVGs - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
9 months ago Hackread.com
PuTTY Private Key Recovery Vulnerability - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Gbhackers.com
What is Biometric Security? Your Body Becomes Your Key - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
8 months ago Hackersonlineclub.com
Skeleton Key the Latest Jailbreak Threat to AI Models: Microsoft - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
3 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)