A huge online fraud operation is hijacking WordPress sites to send out 1.4 billion ad requests per day

Operation has since been choked, but it's not entirely dead yet.

Apr 23, 2025 - 17:04

  • Researchers found a huge ad fraud scheme called Scallywag
  • The scheme monetizes pirated sites through a series of redirects
  • At its peak, there were 1.4 billion daily requests

Cybersecurity researchers from HUMAN have spotted a major ad fraud operation that leverages people’s interest in pirated content to generate ad revenue from otherwise non-monetizable content.

In an in-depth report, HUMAN explained that pirated websites don’t host ads because they would “run afoul of most advertisers’ policies”. Instead, they partner with hundreds of website owners (scammers, basically) who deploy a set of four WordPress plugins on their assets.

These plugins are collectively named Scallywag, and they are designed to do a couple of things, but mostly to load as many ads as possible, and make sure people stick around until they fully render. There are a couple of tactics to slow visitors down, from the “please wait” button that turns to “download now”, to fake CAPTCHAs and other methods. The plugins are called Soralink (released in 2016), Yu Idea (2017), WPSafeLink (2020), and Droplink (2022).

Choking the operation

After rendering the ad, visitors are again redirected and allowed to download the pirated content they were looking for.

By the time HUMAN discovered the operation, it counted 407 domains and 1.4 billion fraudulent ad requests - per day. It seems the strength is in numbers, since the fraudsters even made YouTube video tutorials, coaching other people on how to join:

"These extensions lower the barrier to entry for a would-be threat actor who wants to monetize content that wouldn't generally be monetizable with advertising; indeed, several threat actors have published videos to coach others on setting up their own schemes," HUMAN said.

The researchers moved in to report and block Scallywag traffic, and claim to have largely succeeded. The traffic allegedly shrank by 95%, although the operation is not entirely dead, since threat actors rotated domains and moved to other monetization models.

Via BleepingComputer
