Cybersecurity researchers have shed light on a sophisticated ad-fraud scheme known as “Scallywag,” which has been exploiting WordPress plugins to generate more than 1.4 billion fraudulent ad requests per day.
Unlike traditional methods of monetizing pirated content, Scallywag uses customizable extensions to profit from digital piracy. The operation relies on a complex network of cashout domains, URL shorteners, and redirection techniques.
The challenge of monetizing pirated content lies in the fact that mainstream advertisers typically avoid associating themselves with illicit activities. However, the Satori Threat Intelligence and Research Team at HUMAN has uncovered how Scallywag bypasses these obstacles by inserting intermediary pages between piracy catalog sites and actual streaming links. These pages are loaded with deceptive ads and buttons, creating a gateway to pirated content for users who follow the designated path.
One of the key aspects that sets Scallywag apart is its “as-a-service” model, which allows the operators to sell access to their WordPress extensions. This model has enabled a global community of digital pirates to thrive, with instructional videos circulating on platforms like YouTube offering tips on installation and customization.
The use of open redirectors by Scallywag further complicates the detection of fraudulent activity, as these redirectors make it appear as though user referrals are coming from trusted sources rather than piracy sites. This deceptive tactic makes it difficult for advertisers to identify and block fraudulent traffic, allowing Scallywag to operate successfully without attracting unwanted attention.
At its peak in early 2024, Scallywag was responsible for generating an astonishing 1.4 billion fake ad bid requests per day. However, following the exposure by Satori researchers, the traffic generated by the scheme has plummeted by 95%. HUMAN’s Defense Platform has since implemented measures to flag and neutralize Scallywag-related requests, providing enhanced protection to its clients.
Despite these setbacks, the operators of Scallywag have displayed resilience by adopting frequent domain rotations and adapting their tactics to evade detection. HUMAN has committed to maintaining vigilance and enhancing its real-time protections to stay ahead of evolving ad-fraud techniques.
The discovery of Scallywag serves as a stark reminder of the ongoing battle between fraudsters and defenders in the realm of digital advertising. It underscores the inherent risks and challenges faced by industry stakeholders in combating fraudulent activities, highlighting the need for continued innovation and vigilance in safeguarding the integrity of the digital advertising ecosystem.