Researchers at GeoEdge uncover new Auto-Redirects Costing Publishers and Marketers over $1 Billion

With Auto-Redirects a fast growing concern, GeoEdge’s Security team uncovered seven new and different families of redirect attacks targeting tier one publishers

NEW YORK, Jan. 08, 2018 (GLOBE NEWSWIRE) -- Incidences of malicious auto-redirects have been increasing over the last year, according to GeoEdge, a premier ad security and verification company.

Now, in the last several weeks, GeoEdge’s security team has uncovered seven new and different families of redirect attacks targeting leading publishers.

Auto-Redirects are those annoying ads which redirect our phone screen or browser to a warning about a fake virus or other scam, an app we didn’t ask for, a prize we’ll get for just clicking or a scam for fishing personal data.

One example of these new families of redirect attacks is Hidden Auto-Redirects, which are developed with an underlying mechanism for mobile click fraud. The redirect opens invisible iframes, and unbeknownst to the user, goes on its own delivery path, serving and clicking on ads automatically. As the name implies, this type of redirect does not affect the user experience and remains under the radar, yet the estimated damages to the industry from these hidden mobile redirect campaigns are $920 million dollars.

The new hidden auto-redirects uncovered by GeoEdge’s security team include a redirect attack which whitelisted premium publishers including The Wall Street Journal, Reuters, Forbes and more.

“The whitelisting of hidden auto-redirect attacks is just one tactic designed to reduce the likelihood of uncovering these fraudulent activities,” said Amnon Siev, CEO of GeoEdge. “Through a series of analyses of campaign behavior, as well as domain and network reputation, GeoEdge’s security team has been able to identify a range of malicious auto-redirect activities, which are generating over $1 Billion in losses for publishers and marketers, a significant increase from last year.”

The malicious auto-redirect activities uncovered by GeoEdge’s security team identified multiple hacker networks involved in large-scale attacks. The payloads for these attacks include click-fraud, tech support scams, and malicious installations. In the report, “The Battle Against Auto-Redirects - Saving Publishers and Advertisers $1.13 Billion Annually”, GeoEdge discusses their discovery in addition to examining the evasive tactics and history of auto-redirects.  Click here to access the report:

Incidences of auto-redirect attacks increased significantly in 2017, seriously impacting publishers. In addition to the publisher revenue loss of $210 Million, the trust between publisher and user lessens after each auto-redirect attack. Redirects have also earned a reputation for being stubbornly hydra-like: every time the source of one redirect attack has been identified, another emerges to take its place, making them particularly elusive for publishers and conventional ad verification tools.

To address the challenges of uncovering auto-redirect attacks and other nefarious activities against publishers, GeoEdge has developed a multi-layered approach for auto-redirect detection, unique in the industry. That is how the security team at GeoEdge has discovered seven different families of redirect attacks, increasing identification and prevention by 30 percent.
Key Findings:

  • Auto-redirects are by far the most used scheme to disseminate malvertising today, representing 48% of malware.
  • At 72%, the mobile device is the current vehicle of choice for auto-redirects.
  • One hidden redirect attack was revealed to host a whitelist of hundreds of domains – including premium publishers such as The Wall Street Journal, Reuters, and Forbes – where the attack would be triggered.
  • The hidden redirect's malicious script was programmed to execute mobile click fraud, opening numerous invisible frames and executing fraudulent clicks.
  • The attacks are not localized to one specific location, but in fact are widespread and global.
  • According to GeoEdge’s analysis, auto-redirects cost publishers $210 million and marketers $920 million, resulting in a $1.13 billion annual loss for the online marketing ecosystem.

About GeoEdge
GeoEdge is the premier provider of ad verification and transparency solutions for the online and mobile advertising ecosystem. The company ensures high ad quality and verifies that sites and apps offer a clean, safe, and engaging user experience. GeoEdge guards against non-compliance, malware, inappropriate content, data leakage, operational, and performance issues.‎ Leading publishers, ad platforms, exchanges, and networks rely on GeoEdge’s automated ad verification solutions to ‎monitor and protect their ad inventory. The company was founded in 2010 by a team with more than two decades of hands-on technical and online media experience.

Contact info:
Uriah Av-Ron
PR for GeoEdge
Tel: (646) 755-6120