Follow on to our update on November 29, ScamClub continues to infect the ad ecosystem. We continue to see attacks coming through on-page integrations like video players and commenting widgets. Since we first detected this threat we have continued to block this threat at a high rate and based on our data this threat builds new signatures every 2-3 days.
ScamClub is back with a new method of attack. The latest ScamClub threats have evolved to targeting on-page video integrations. We commonly see attacks coming through Connatix, Disqus, Taboola and Vidazoo (for an exhaustive list, contact your account manager or email Support@boltive.com).
ScamClub has been using similar tactics to what they have used in the past. Based on our observations, ScamClub has considerably reduced its redirect payloads and removed most AQV checks in order to avoid detection while significantly increasing their volume.
Display/video on desktop and mobile
Though some believe that the ScamClub threats have been completely thwarted in the past, ScamClub attacks will not back down from a challenge. As a threat actor, ScamClub has and will continue to evolve.
Contact the Boltive team to best prepare for attacks like these. As a client, please contact your account manager. As a prospective client, click here and our team will follow up with you.