They defrauded 12 million people with the advertising trap. Don’t click on every ad

Researchers at security company Human Security have uncovered one of the largest and most sophisticated mobile ad attacks.

Millions of phones were infiltrated due to the ad scam called Vastflux. Hundreds of advertising companies and app developers have been defrauded by this program.


The scam ad campaign Vastflux was first spotted by Human Security last year. The ad scam does it by targeting a single ad slot rather than a user’s entire phone or entire app.

Human Security gains an ad slot when this program appears on the phone, and then inserts malicious code that makes multiple video ads pile up.

The end user thinks they will only see a single video ad, but behind the scenes, the attacker was actually able to see up to 25 video ads stacked on them. The scammers, who would get paid as if they were shown separately for each ad, thus deceived the advertising companies and developers.

For the end user, the only clue that something went wrong was the battery draining faster while all the fake ads were being processed in the background of their phone.

Human security has yet to reveal the name of the group behind the attack. But this attack reached 12 billion devices.