The Battle Against the Billion-Scale Internet Underground Industry: Advertising Fraud Detection and Defense

Presented at Black Hat USA 2022, Aug. 11, 2022, 1:30 p.m. (40 minutes)

<div><span>Advertising is the main profit model of internet companies; the annual industry scale of global internet advertising has reached hundreds of billions of dollars. In fact, internet advertising fraud and anti-fraud may be a war that will never end. In the past few years, we have traced and catched hundreds of internet underground industry practitioners, and we have seen the escalation and evolution of technological confrontation.</span></div><div><span><br></span></div><div><span>In this talk, we will select some typical and large-scale internet underground industry gangs and do an in-depth analysis.</span></div><div><span>-Gang 1: An ultra-large-scale advertising fraud group that infected 350 million mobile phones through the mobile big data analysis SDK. They have existed for five years, involving multiple listed companies, and their fraud targets include some global advertising giants, all mobile advertising platforms and all search engines in China.</span></div><div><span>-Gang 2: PC application bundled software exposed at China Central Television (CCTV) Consumer Rights Protection 315 Gala in 2022. They infected millions of computers and planted extension backdoors into browsers. Their fraud targets include all online shopping sites, social networking sites and advertising platforms in China. They defraud the advertising channel for profit, and secretly add fans to the "We media".</span></div><div><span>-Gang 3: Malicious click tools for vicious competition among advertisers. They generate harassment and invalid clicks on advertisers which leads discourage investment.</span></div><div><span><br></span></div><div><span>For the above-mentioned advertising fraud gangs, we will summarize the key technologies used by them, conduct a crowd analysis on the internet underground industry practitioners, and classify them into high-end and low-end gangs. High-end internet underground industry gangs can use the upstream and downstream channel resources of the Internet industry, they can quickly infect a large number of devices, profit from invisible advertising shows and simulated clicks on the mobile phones, and tamper with the browser traffic and simulate user clicks on the PC side by using browser plug-in backdoors. Low-end internet underground industry gangs use "YI language"(易语言) and a series of browser libraries can quickly build hacking tools and sales at a low price, which can also lead to a very bad impact.</span></div><div><span><br></span></div><div><span>In order to perception and trace these gangs, we have developed the Heracles project, which uses a new device fingerprint generation technology and side-channel detection to identify mainstream hacking tools, such as headless browsers (puppeteer, minibrowser, etc), "mobile key press genie"(按键精灵), and "cloud phones". We also use javascript runtime and jsbridges hooks in the browser engine, CROS features and other new technologies to detect simulated clicks on mobile advertisements and browser extension hijacking. These technologies are the keys to trace and combat the internet underground industry chain, and significantly reduce advertising fraud risk.</span></div><div><span><br></span></div><div><span>Previously, we were a browser and operating system security research team, we have obtained hundreds of CVEs. We will introduce how security researchers contribute to anti fraud. Many undisclosed methods will be proposed to trace and catch internet underground industry practitioners in this talk, we believe that many companies and anti-fraud practitioners will benefit from it.</span></div>

Presenters:

• Jie Gao - Senior Security Researcher, Baidu
  Jie Gao is a member of &nbsp;Baidu Security Lab. He's good at reverse engineering and antivirus. Now he focuses on finding IoT vulnerabilities and Adobe Reader Fuzzing technology.
• Hai Yang - Senior Security Researcher, Baidu
  Hai Yang is a senior security researcher of Baidu Security Lab. He focuses on cybersecurity research, anti-fraud research and combating the threat of cybercrime. In the past few years, he has helped law enforcement trace a large number of criminal gangs, and has tracked down and captured hundreds of Internet underground industry practitioners.
• Yakun Zhang - Senior Security Researcher, Baidu
  Yakun Zhang is a senior security researcher of Baidu Security Lab X-Team. He has extensive experience in the field of vulnerability mining. He focuses on browser and AI security. Zhang worked at McAfee, Qihoo 360, Kaspersky Lab, and Trend Micro before joining Baidu Security.
• Shupeng Gao - Senior Security Researcher, Baidu
  Shupeng Gao is a member of the Baidu Security Lab. He is an expert on IoT security, mobile malware analysis, penetration testing, etc. He has been invited to talk at multiple security conferences, such as Black Hat USA/Asia/Europe, DEF CON USA/Asia, BlueHat, GeekPwn, etc.
• Zheng Huang - Chief Architect of Security Department, Baidu
  Zheng Huang is the head of Baidu Security Lab X-Team. He is a prolific finder of vulnerabilities in the browser security area and has contributed a lot of vulnerabilities in Microsoft browsers, Chrome, and Safari. Previously, he mainly focused on malicious URL detection and defense of APT attacks and he is now responsible for the research of autonomous driving security and internet advertising anti-fraud.

Links:

• https://www.blackhat.com/us-22/briefings/schedule/#the-battle-against-the-billion-scale-internet-underground-industry-advertising-fraud-detection-and-defense-27254

Similar Presentations:

• Black Hat Asia 2021 Virtual / Wideshears: Investigating and Breaking Widevine on QTEE
• Black Hat Asia 2021 Virtual / "We Are About to Land": How CloudDragon Turns a Nightmare Into Reality
• Black Hat USA 2021 / Chip Chop - Smashing the Mobile Phone Secure Chip for Fun and Digital Forensics