Team Confiant

 •  1 minute read

Security Alert: Scam Club Forced Redirects Malvertising Attack

Confiant Security Alert

Confiant alerts our customers whenever significant, widespread malvertising attacks occur in the programmatic ecosystem. Confiant has been tracking a significant increase in ScamClub forced redirect volumes and alerted clients on February 3, 2023.

Attack Information

ScamClub is one of the longest-standing threat actors in the malvertising scene, with a continuous presence for at least the last six years. They specialize in creating relationships with high risk ad platforms and executing forced redirect campaigns with very repetitive patterns.

The typical January CPM drop has allowed ScamClub to gain scale since early January.


Elevated volumes since early January with a spike in the last week.


  • SSPs: YieldMo, Colossus,, Smaato. AdYouLike
  • DSPs: Opera, GothamAds, Aceex, Bidscube, SmartyAds, LoopMe


  • Geographies: United States (57%), Canada (12%), Great Britain (11%), Other (20%)
  • Targeting: Two separate campaigns, one on mobile and one on desktop
  • Reach: Up to 2% of all impressions served for impacted SSPs


By providing industry-leading protection against malvertising, disruptive ads, and privacy risks Confiant empowers premium ad platforms and publishers with actionable data to ensure the digital ad ecosystem is safe and secure for everyone.

More information on ScamClub can be found in Confiant's Malvertising Attack Matrix.


Not part of the Confiant customer community yet? Request a free trial today.