Friday, May 2, 2025

WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests


Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress plugins to trigger over 1.4 billion fraudulent ad requests every day.

Dubbed “Scallywag,” this scheme leverages customizable extensions to monetize digital piracy through a complex web of cashout domains, URL shorteners, and crafty redirections.

Monetizing pirated content has always presented challenges for cybercriminals, as mainstream advertisers shun any association with illicit activity.


The Satori Threat Intelligence and Research Team at HUMAN reports that Scallywag circumvents these obstacles with a clever approach: instead of serving ads directly on piracy sites, which would be too blatant, the operation inserts intermediary pages between piracy catalog sites and the actual streaming links.

These interstitial pages are loaded with ads, deceptive buttons, and artifacts, each designed to look harmless if accessed directly.

However, when a user follows the “correct” path from a catalog site, the page becomes a gateway to pirated content.

Meanwhile, direct visits from advertisers show only benign blog content, camouflaging the true nature of the operation.
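The cloaking described above can be checked from the verification side by capturing the same URL twice, once visited directly and once via the referring path, and comparing what each capture contains. The following is an added example, not code from HUMAN or the original article; the function names, the 0.5 threshold and both HTML captures are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class PageProfile(HTMLParser):
    """Collects visible words, linked/embedded hosts and frame count."""
    def __init__(self):
        super().__init__()
        self.words, self.hosts, self.frames = set(), set(), 0
        self._skip = 0  # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        if tag in ("iframe", "video"):
            self.frames += 1
        a = dict(attrs)
        host = urlparse(a.get("href") or a.get("src") or "").hostname
        if host:  # relative URLs have no host and are ignored
            self.hosts.add(host)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.words.update(w.lower() for w in data.split())

def profile(html):
    p = PageProfile()
    p.feed(html)
    p.close()
    return p

def cloaking_report(direct_html, referred_html, threshold=0.5):
    """Compare two captures of one URL; flag content seen only on the referred path."""
    d, r = profile(direct_html), profile(referred_html)
    union = d.words | r.words
    sim = len(d.words & r.words) / len(union) if union else 1.0  # Jaccard similarity
    new_hosts = sorted(r.hosts - d.hosts)
    extra_frames = r.frames - d.frames
    return {"text_similarity": round(sim, 2), "new_hosts": new_hosts,
            "extra_frames": extra_frames,
            "suspect": sim < threshold or bool(new_hosts) or extra_frames > 0}

# Constructed captures (not real Scallywag pages): same URL, two arrival paths.
DIRECT = '<html><body><h1>Ten tips for spring gardening</h1><p>Water early and mulch well.</p><a href="/about">About</a></body></html>'
REFERRED = '<html><body><h1>Ten tips for spring gardening</h1><p>Please wait, then click continue.</p><a href="https://stream.example/watch?id=1">Continue</a><iframe src="https://ads.example/slot"></iframe></body></html>'
if __name__ == "__main__":
    print(cloaking_report(DIRECT, REFERRED))
```

A page that passes when fetched directly but gains new outbound hosts or embedded frames on the referred path is the mismatch worth escalating for manual review.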

A Community of Digital Buccaneers

What sets Scallywag apart is its “as-a-service” model. Rather than distributing pirated material, the operators sell access to their WordPress extensions, empowering a global community of aspiring digital pirates.

Instructional videos proliferate on platforms like YouTube, demonstrating installation tips and customization tricks.

This grassroots proliferation results in countless unique paths through which users are funneled from piracy catalogs to illicit streams, maximizing ad revenue for both extension creators and their customers.

Mimicking the deceptive tactics of historical pirates, Scallywag deploys open redirectors to obscure referral sources. A redirector can make a user’s referral appear to originate from a trusted source, such as a search engine or social network, rather than a piracy site.

This sleight of hand makes it significantly harder for advertisers to identify and block fraudulent traffic, allowing Scallywag’s operations to flourish undetected.

At its early-2024 peak, Scallywag generated a staggering 1.4 billion fake ad bid requests daily.

Following exposure by Satori researchers, traffic from the scheme has plummeted 95%. HUMAN’s Defense Platform now flags and neutralizes Scallywag-linked requests, offering robust protection for its clients.

However, the digital buccaneers aren’t giving up easily—frequent domain rotations and adaptation keep the fight alive.

HUMAN pledges continued vigilance, rolling out real-time protections to stay ahead of evolving ad-fraud tactics.

The Scallywag discovery underscores the ongoing arms race between fraudsters and defenders in the lucrative world of digital advertising, reminding the industry that the high seas of ad-tech remain fraught with peril and ingenuity.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
