CyberSecurity news
FlagThis
@cyberalerts.io
//
A massive ad fraud operation dubbed "Scallywag" has been disrupted after researchers uncovered its scheme of generating up to 1.4 billion fraudulent ad requests daily. This operation monetized pirating and URL shortening websites through specially crafted WordPress plugins. These plugins, including Soralink, Yu Idea, WPSafeLink, and the Droplink extension, facilitated the insertion of ad-laden intermediary pages between piracy catalog sites and the desired pirated content, forcing users to interact with numerous ads and wait times.
HUMAN, a bot and fraud detection company, played a critical role in dismantling Scallywag's operations. The researchers identified anomalous traffic patterns, such as elevated ad impression volume and forced user interactions on seemingly innocuous WordPress blogs. By flagging suspicious domains and working with ad providers to block fraudulent bid requests, HUMAN successfully cut off 95% of the Scallywag fraud-as-a-service operation.
Scallywag's success relied heavily on cloaking and obfuscation techniques to evade detection. When ad platforms or advertisers directly visited the intermediary pages, they appeared as benign blogs. Only users redirected from piracy catalog sites encountered the ad-heavy, incentive-laden versions. The takedown has prompted many of Scallywag's affiliates to seek other scams, but the threat actors have shown resilience by rotating domains and moving to other monetization models, highlighting the need for continuous vigilance against ad fraud.
ImgSrc: www.bleepstatic
References :
HUMAN, a bot and fraud detection company, played a critical role in dismantling Scallywag's operations. The researchers identified anomalous traffic patterns, such as elevated ad impression volume and forced user interactions on seemingly innocuous WordPress blogs. By flagging suspicious domains and working with ad providers to block fraudulent bid requests, HUMAN successfully cut off 95% of the Scallywag fraud-as-a-service operation.
Scallywag's success relied heavily on cloaking and obfuscation techniques to evade detection. When ad platforms or advertisers directly visited the intermediary pages, they appeared as benign blogs. Only users redirected from piracy catalog sites encountered the ad-heavy, incentive-laden versions. The takedown has prompted many of Scallywag's affiliates to seek other scams, but the threat actors have shown resilience by rotating domains and moving to other monetization models, highlighting the need for continuous vigilance against ad fraud.
ImgSrc: www.bleepstatic
Share:
References :
- bsky.app: A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests.
- cyberpress.org: A sprawling ad fraud operation, codenamed “Scallywag,” has been disrupted after generating a staggering 1.4 billion fraudulent ad requests per day at its peak, according to threat intelligence researchers. Built around a suite of WordPress plugins, Scallywag enabled cybercriminals to monetize digital piracy and URL-shortening sites on an industrial scale, all while evading detection through
- www.bleepingcomputer.com: A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests.
- www.scworld.com: BleepingComputer reports that the wide-reaching Scallywag ad fraud operation that generated up to 1.4 billion fake ad requests daily to monetize pirating and URL shortening websites had its operations nearly dismantled following efforts from bot and fraud detection company HUMAN, prompting most of its affiliates to join other scams.
Classification:
- HashTags: #AdFraud #WordPress #Scallywag
- Company: WordPress
- Target: Websites, Advertisers
- Attacker: Scallywag
- Product: WordPress
- Feature: Ad Fraud
- Malware: Scallywag
- Type: Hack
- Severity: Medium