Millions of people with iPhones are, probably unknowingly, victims in a rogue ad campaign. That’s because of a broad attack in the online ad ecosystem. That may have earned the creators of this campaign millions of dollars in profits.
When you open a website or app, you will often see ads. Which ad that is, that is determined by a number of invisible processes. Advertising platforms sometimes take your cookies into account, but most of the time, the highest bidder for a spot is entitled to your eyeballs.
iPhone users hit by scam
A lot can go wrong in that process, Human Security researchers show. That team tracked down a scam from a company focused on fraud and bot activity, and called the attack Vastflux. As a result, 11 million people were affected; the company had spoofed more than 1,700 apps.
The company had also targeted 120 publishers. At the height of the action, Vastflux was executing about 12 billion applications per day. The scam was discovered back in the summer of 2022, and its creators were untraceable at the time. They had made sure of that. It is now known which group is responsible for this.
Battery suddenly goes dead much faster
However, Human Security does not disclose the name. With the attacks, the rogue team was not trying to take over smartphones or anything like that. They were only concerned with the ad spot. In that spot, they were able to inject multiple ads and thus make more money than platforms normally do.
Sometimes up to 25 ads were injected at once. You didn’t see them (the attackers were paid for that), but your battery noticed. It drained much faster as a result. Because Google pays sharp attention to such modus operandi, iPhone owners were particularly affected. But Android users unfortunately did not completely escape. Unfortunately, it is not clear exactly which apps were affected.