How Auto-Redirect Attacks Cost Publishers $1.13 Billion Annually

Incidences of malicious auto-redirects have been increasing over the last year, and in the last several months, GeoEdge has uncovered seven new and different families of redirect attacks targeting leading publishers. The payloads for these attacks include click-fraud, tech support scams, and malicious installations.

One example of these new families of redirect attacks is Hidden Auto-Redirects, which are developed with an underlying mechanism for mobile click fraud. The redirect opens invisible iframes, and unbeknownst to the user, goes on its own delivery path, serving and clicking on ads automatically.

As the name implies, this type of redirect does not affect the user experience and remains under the radar, yet the estimated damages to the industry from these hidden mobile redirect campaigns are $920 million dollars.

In the report, “The Battle Against Auto-Redirects: Saving Publishers and Advertisers $1.13 Annually”, we discuss this discovery in addition to examining the evasive tactics and history of auto-redirects.

Key Findings:

Auto-redirects are by far the most used scheme to disseminate malvertising today, leading the pack at a 48% majority.At 72%, the mobile device is the current vehicle of choice for auto-redirects.One hidden redirect attack was revealed to host a whitelist of hundreds of domains – including premium publishers such as Reuters, NBC, and Forbes – where the attack would be triggered.

The hidden redirect’s malicious script was programmed to execute mobile click fraud, opening numerous invisible frames and executing fraudulent clicks.The attacks are not localized to one specific location, but in fact are widespread and global.

“Auto-redirect attacks are costing both publishers and advertisers money and are responsible for disrupting hundreds of millions of impressions monthly,” says Amnon Siev, CEO of GeoEdge. “I am proud that the GeoEdge team is able to not only shine a light on this harmful phenomenon, but make a serious leap in resolving it.”

Click here to get started blocking auto redirects! 

Eliana is a marketing strategist with a passion for technology and storytelling. Eliana’s work has been featured in places like Slashdot, the RSA conference, and Facebook’s PyTorch publications. You can find more about Eliana on Linkedin.

Malvertising, the practice of sprinkling malicious code into legitimate-looking ads is growing more sophisticated. GeoEdge’s holistic ad quality solution has you covered.


450+ Publishers & Platforms