Morphixx Malvertising Attack

A Security Report by GeoEdge

Security researchers at GeoEdge have identified the resurgence of Morphixx, the global malvertising credit card scam– utilizing a new deceptive attack vector to scam users. GeoEdge has identified several revival instances since the inception of the attack in June 2020 which employed auto-redirects to steal credit card data, potentially generating $5 –10 billion in duplicitous credit card charges globally. The most recent attack in early May 2021 marks the first instance GeoEdge’s Security Research Team has identified an established global threat actor from the redirect landscape shift to deceptive ads activity. In this report, we’ll tell you everything you need to know about the malicious campaign, and why stronger ad quality solutions are required to help mitigate this growing threat.

Forced Redirect Ads

Some call them auto-redirects. Some call them forced redirects. But every legitimate publisher, marketer, agency, and ad platform calls them bad news.
Auto-redirects (a/k/a forced redirects) have plagued the digital ad ecosystem for years. But starting in 2018 and increasing through 2020, a series of high-profile attacks made redirects the digital industry’s most talked-about ad security, ad quality and ad fraud issue.
Forced redirects pull even experienced digital media consumers into a maze where anything that can be clicked may lead to fraud, malware, or another low-quality page.

Auto-Redirects--A Stealth Attack With Lasting Effect

These auto-redirects are as simple to describe as they are sinister. The user opens a publisher site in a browser window. Malicious code is deployed through an unsecured ad slot. A pop-up appears, covering the page’s content–or, if it’s on mobile, covering most of the screen. The message in the box is usually urgent: It tells the user their device is infected with a virus or malware, or that they have won a prize or gift card through a contest or promotion, or that their device or browser must be updated. There’s no clear way to close the pop-up, and of course the message is misleading–clicking on the pop-up usually directs the user to an unsecure site or the app store.
In the blink of an eye, because of that malicious auto-redirect, the user’s attention is anywhere but the site they were trying to open. The publisher loses the chance to monetize that user’s session via legitimate advertising.

Not a Prank. Not a Drill. Redirects Point to a Bigger Problem.

To users, being forced redirect ads are annoying. The big picture is more severe: Bad actors launch redirects not to annoy, but to scam users of money, to deploy malware onto users’ devices, or to defraud marketers and agencies. Behind a typical auto-redirect, you’re likely to find a sophisticated criminal enterprise that has carefully evaded digital security tools.

Clicking on a Redirect Is Digital Quicksand.

There is no single objective behind auto-redirects–but again, nearly all of those objectives are bad news. Over 95% of auto-redirects lead to scams. Sometimes the redirect is a phishing attempt, and it takes the user to a site where they are prompted to share personal information. Sometimes the redirect is a Trojan horse attack–prompting the user to download malware that steals their personal or financial details, or that turns their device into a bot programmed to fraudulently click on ads. Sometimes the redirect brings the user to low-quality sites promoting pharmaceuticals, dietary supplements, dating services, trading services, or adult content.
Forced redirects pull even experienced digital media consumers into a maze where anything that can be clicked may lead to fraud, malware, or another low-quality page.

The Stakes Are High and Getting Higher.

Auto-redirects are a big business: Altogether, redirects account for 48% of all malvertising instances. And auto-redirects are extremely expensive for businesses. Publishers lose $210 million dollars per year to redirects– from users abandoning their sessions, never reaching the site, or choosing not to return to the site. For agencies and marketers, redirects cost $920 per year industry-wide. These losses often come from click fraud–when the user’s device is infected with malware without the user ever knowing it.
In recent years, redirect attacks have become more targeted, turning their attention to premium publishers, more engaged audiences, and more affluent audiences. Indeed, 72% of all forced redirects happen on mobile, and 57% of all redirects happen specifically on iOS.

Go Harder Than the Bad Guys.

The best time to fight auto-redirects is before they happen. Publishers have tried to prevent redirects by raising or lowering price floors, implementing inefficient DIY solutions, and asking their ops teams to manually track down the source of redirects. These solutions are often slow, resource-heavy, and ultimately ineffective. The digital industry demands real-time, around-the-clock solutions–and GeoEdge has pioneered and revolutionized the effort to detect and block redirect attacks in real time.
GeoEdge’s cutting-edge technology monitors the programmatic ad ecosystem for ad security and quality issues, including auto-redirect attacks. Not only does it block previously known issues before they reach the publisher’s page, it uses machine learning to detect and block new threats in real time.
GeoEdge real-time blocking of bad ads takes you beyond redirects, and addresses the spectrum of digital security threats. GeoEdge leads the charge for ad quality assurance, detecting and blocking latent, low-quality, and explicit creative.] No other company provides these comprehensive security and quality tools. With GeoEdge protection, you can look beyond redirects, and begin perfecting the overall performance of your page, to grow your audience, deepen engagement, and earn more revenue.
Everyone gets auto-redirects. No one has to. Talk with GeoEdge’s acclaimed support team about how we together can stop redirects before they happen… and so much more.

Maximize Your Profits By

Eliminating Bad Offensive Malicious Redirect Ads

Test drive GeoEdges anti-malvertising solution and gain the freedom to maximize your ad revenue without quality concerns.
Receive the same benefits as paid members
More than a free trial. It’s immediate protection.
Start Your 30-Day Free Trial

Free Trial


No credit card or commitment required

What our clients say

As a result of deploying GeoEdge’s real-time solution, Evolve Media saw a reduction in instances of malicious activity on its sites by 80%-90%.
Veronica Gilton

Chief Technology Officer  I  Evolve Media

Play Video



Everyone gets auto-redirects. No one has to.