- Scientists found a huge ad fruiting called scallyway
- The scheme earns money in pirated places through a series of redirections
- At its highest there were 1.4 billion daily requests
CyberSecurity scientists from human have seen a larger ad -fraud surgery that utilizes people’s interest in pirated content to generate ad revenue from otherwise non -moneizable content.
In an in -depth report, human explained that pirated sites do not host ads because they would “run after most advertisers’ policies.” Instead, they work with hundreds of site owners (scammers, basically) implementing a set of four WordPress plugins on their assets.
These plugins are called collectively scallywag and they are designed to do a few things, but mostly to load as many ads as possible and make sure people stay around until fully reproduced. There are a few tactics to slow down visitors from the “Wait” button that turns to “Download NOW”, to fake CAPTCHAS and other methods. Plugins are called Soralink (published in 2016), Yu Idea (2017), WPSAFelink (2020) and droplink (2022).
Stifles the operation
After reproducing the advertisement, visitors are redirected again and are allowed to download the pirated content they were looking for.
When Human discovered the operation, it counted 407 domains and 1.4 billion false ad requests – per year. Day. It seems that the strength is in number as scammers even made YouTube -Videotutorials, and coached other people on how to participate:
“These extensions lower the barrier to entry for a threat actor who wants to make money on content that would generally not be making money on advertising; in fact, several threat actors have published videos to train others to create their own schemes,” Human said.
The researchers moved in to report and block scallywag traffic and claim to have virtually success. The traffic allegedly shrunk by 95%, although the operation is not completely dead as threat actors rotated domains and moved to other revenue models.
Via Bleeping computer
