- The researchers found a great advertising fraud scheme called Scallyway
- The scheme monetizes the pirated sites through a series of redirectings
- At its peak, there were 1,400 million daily applications
Human cybersecurity researchers have seen an important advertising fraud operation that takes advantage of people’s interest in pirated content to generate advertising income from non -monetizable content.
In an in -depth report, Human explained that the pirated websites do not house ads because “they would face the policies of most advertisers.” On the other hand, they are being associated with hundreds of website owners (basically scammers that implement a set of four WordPress accessories in their assets.
These accessories are collectively called Scallywag, and are designed to do a couple of things, but mainly to load as many ads as possible, and make sure people stay until they become completely. There are a couple of tactics to slow down visitors, from the “please” The accessories are called Soralink (launched in 2016), Yu Idea (2017), Wpsafelink (2020) and Droplink (2022).
Drowning the operation
After presenting the announcement, visitors are again redirected and are allowed to download the pirate content they were looking for.
When Human discovered the operation, he told 407 domains and 1.4 billion requests for fraudulent ads, per day. It seems that the force is in numbers, since the scammers even made YouTube tutorial videos, training other people on how to join:
“These extensions reduce the entrance barrier for a possible threat actor who wants to monetize the content that would not generally be monetizable with advertising; in fact, several threat actors have published videos to train others about the creation of their own schemes,” said Human.
The researchers moved to inform and block SCALLYWAG traffic, and claim to have successfully successful. Traffic was supposedly reduced by 95%, although the operation is not completely dead since threat actors rotated the domains and moved to other monetization models.
Through Bleepingcomputer
