An ad-verification company has uncovered multiple hacker networks involved in auto-redirect attacks with payloads of mobile click fraud, tech support scams, and malicious installations. GeoEdge estimates the scam could cost publishers and advertisers $1.13 billion annually.
GeoEdge identified seven distinct classes of redirect attacks as well as major hacker networks. These families of attacks, and the hacker networks that use them, are responsible for hundreds of millions of monthly impressions.
In a few of the attacks, the auto-redirect took the user out of the browser and into app stores. On mobile devices, the redirect usually leads to the App Store or Google Play Store rather than simply mimicking the usual desktop tricks.
GeoEdge also found evidence of click fraud. The mobile browser opens multiple invisible iframes, calls multiple URLs, and ultimately executes fraudulent clicks. In this particular attack, GeoEdge identified a whitelist of hundreds of domains where the attack would actually occur. The ad loads a script from Amazon AWS S3 and checks the domain to see whether it should execute. If the specific domain is on the whitelist, the code will embed hidden iframes in the browser and click on the ads, according to GeoEdge's security research, titled Auto-Redirects.
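For publishers auditing their own ad slots, the hidden-iframe behaviour described above can be triaged with a simple heuristic. The following is an added example, not code from GeoEdge's research; the record fields, the threshold and all host names are assumptions made for illustration.

```javascript
// Added example: publisher-side audit heuristic, not GeoEdge's detection logic.
// Each record is a plain object describing one iframe found inside an ad slot.
// In a browser these fields would be filled from getBoundingClientRect() and
// getComputedStyle() inside a MutationObserver callback (assumption).

// Returns the list of reasons a frame is invisible to the user (empty = visible).
function hiddenReasons(f) {
  const reasons = [];
  if (f.width <= 1 || f.height <= 1) reasons.push("tiny");
  if (f.display === "none") reasons.push("display:none");
  if (f.visibility === "hidden") reasons.push("visibility:hidden");
  if (Number(f.opacity) === 0) reasons.push("opacity:0");
  if (f.left + f.width <= 0 || f.top + f.height <= 0) reasons.push("offscreen");
  return reasons;
}

// Flags an ad slot when it holds at least `threshold` invisible iframes whose
// src host differs from the page host (hypothetical policy, tune per site).
function auditAdSlot(pageHost, frames, threshold = 2) {
  const hidden = [];
  for (const f of frames) {
    const reasons = hiddenReasons(f);
    let host;
    try { host = new URL(f.src).hostname; } catch { host = "(no-src)"; }
    if (reasons.length > 0 && host !== pageHost) hidden.push({ host, reasons });
  }
  return { suspicious: hidden.length >= threshold, hidden };
}

// Constructed sample data; all hosts are placeholders under example/.test names.
const SAMPLE_FRAMES = [
  { src: "https://ads.example/creative.html", width: 300, height: 250, left: 10, top: 400, display: "block", visibility: "visible", opacity: "1" },
  { src: "https://click-a.test/landing", width: 0, height: 0, left: 0, top: 0, display: "block", visibility: "visible", opacity: "1" },
  { src: "https://click-b.test/landing", width: 300, height: 250, left: -9999, top: 0, display: "block", visibility: "visible", opacity: "1" },
  { src: "https://click-c.test/landing", width: 300, height: 250, left: 0, top: 0, display: "block", visibility: "hidden", opacity: "1" },
];

const report = auditAdSlot("news.example", SAMPLE_FRAMES);
console.log(JSON.stringify(report, null, 2));
```

Hidden iframes also have legitimate uses in ad tech, such as cookie-sync frames, so a flagged slot is a signal for review rather than proof of fraud.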
Broken down by damages, auto-redirects cost the advertising industry an estimated $210 million annually, and ads with click fraud cost another $920 million.