Scallywag is a large-scale ad fraud scheme that uses custom WordPress plugins to generate billions of fraudulent requests per day to monetise piracy and URL shortening webpages. It was discovered by the bot and fraud detection company HUMAN, which laid out a network of 407 domains supporting the operation. At its peak, the operation generated 1.4 billion ad fraud requests a day.
Genuine ad service providers avoid piracy and URL shortening websites due to brand safety risks, legal concerns, misleading ads and insufficient quality of content. The operation, dubbed Scallywag by HUMAN, is a fraud-as-a-service campaign using around four WordPress plugins to monetise low-quality and possibly malicious websites. The plugins developed for Scallywag are Droplink (released in 2022), WPSafeLink (2020), Yu Idea (2017) and Soralink (2016).
The fraud detection firm said that several independent cybercriminals buy and use the WordPress plugins to start their own ad fraud schemes, and some even post YouTube tutorials of the process. HUMAN said, “These extensions lower the barrier to entry for a would-be threat actor who wants to monetise content that wouldn’t generally be monetizable with advertising.”
The one exception to the sales model is the plugin Droplink, which is available for free if specific money-generating steps are carried out for the sellers. When a user visits a site with a pirated catalogue of movies and paid software and clicks on an embedded shortened URL, they are redirected to a cashout site.
The cashout webpages developed by the campaign use several tactics to slow users down and maximise the number of ads that can be requested and rendered on the page. Such tactics include buttons that must be clicked, CAPTCHAs, wait times and required navigation to proceed.
The pirated catalogue webpages that cannot directly host ads may not be managed by Scallywag. The operators of the sites enter a ‘grey partnership’ to outsource the monetisation.
The company investigated traffic patterns across its partner networks to detect Scallywag. Due to HUMAN’s attempts to block and report the operation, Scallywag traffic has decreased by 95%, while adversaries have resisted by shifting domains and using other monetisation models. HUMAN said that the new domains and redirect chains were blocked as well. The operation’s daily ad fraud traffic has reduced from 1.4 billion to almost zero as a result of the mitigation.