Satori Threat Intelligence and Research Team

Threat intelligence the HUMAN way.
Our Satori team discovers, analyzes, and disrupts threats throughout the digital landscape, resulting in actionable insights and collaborative takedowns of cybercrime.

Satori is derived from an ancient word meaning “comprehension, awakening, or understanding.” We took those roots of insight and embedded Satori threat intelligence throughout all of HUMAN’s products, curating a holistic approach that not only protects customers and partners but also publicly exposes malicious actors and their techniques, thereby safeguarding the entire internet landscape.

THE SATORI EFFECT
The heart of HUMAN is protecting the digital experience—and at the core of this mission is the Satori Threat Intelligence Team. Satori is the DNA woven into everything we do, acting as a collective force multiplier of collaboration. Their work empowers everyone in the HUMAN ecosystem, delivering comprehensive insights throughout the customer journey, and benefits that strengthen our unified HUMAN Defense Platform.

Threat Intelligence the HUMAN Way

  • BADBOX 2.0

    1 million+

    BADBOX 2.0 infected more than 1 million devices worldwide.

    750 Million

    At peak, BADBOX 2.0-infected devices accounted for 750 million fraudulent bid requests a day.

    24

    Decoy apps in major app marketplaces enabling fraud through off-market apps across the internet.

  • Phish ‘n’ Ships

    10 Million

    10s of millions in monetary loss for businesses and customers. Dozens of storefronts all taken down by HUMAN partners.

    1,000+

    Over 1,000 web pages have been infected, driving traffic to fake web shops by injecting malicious payloads into legitimate websites.

    200+

    200+ fake web shops that abuse digital payment providers to steal consumers’ money and credit card information; 121 active during our investigation.

  • Konfeti

    10 Billion

    At peak, the malicious apps generated 10 BILLION fraudulent ad requests per day.

    10 Decoy “Evil Twin” Apps

    Satori researchers identified more than 250 app pairs abusing the CaramelAds advertising SDK across the internet.

    700+ URLs

    Researchers gained a broader understanding of the threat’s scope from a collection of IOCs, which included over 700 URLs, likely featuring compromised free content uploaded to platforms.

  • Badbox

    280,000

    280,000 unique devices were impacted through the ad fraud scheme.

    74,000+

    Over 74,000 off-brand Android devices showed signs of BADBOX infection.

    227

    The ad fraud botnet’s conglomerate of associated apps was found in 227 countries and territories.

  • VASTFLUX

    12 Billion

    12 billion fraudulent ad requests in one day.

    11 Million

    11 million devices running ads within apps.

    1,700+

    More than 1,700 apps were spoofed across platforms.

  • Scylla

    13M+

    Associated apps were downloaded 13+ million times.

    80+

    80 Android apps on the Google Play Store and 9 apps on the Apple App Store were affected.

    Full Takedown

    A full takedown was orchestrated in collaboration with Google and Apple.

  • Methbot

    300 Million

    At its zenith, the Methbot operation was “watching” 300 million video ads a day. And as video advertising carries a significantly higher cost than traditional banner or social ads, this adds up fast.

    6,000

    More than 6,000 premium publishers were spoofed in this operation.

    10

    The ringleader of the Methbot scheme was recently sentenced to 10 years in prison and restitution fines of more than $3.5 million.

  • 3ve

    700,000

    The 3ve botnet had more than 700,000 active infections at a time during its operation.

    3 billion

    More than 3 billion ad requests every day were attributable to the 3ve botnet.

    20+

    The industry group built to disrupt—and take down—the 3ve botnet and scheme was composed of more than 20 organizations, including Google, Facebook, Amazon, and the FBI.

  • ICEBUCKET

    28%

    At its height, the ICEBUCKET scheme accounted for 28% of all connected TV traffic passing through the Human Verification Engine.

    1.9 Billion

    Nearly two billion pre-bid ad requests were associated with the ICEBUCKET operation every day before its disruption.

    2 million

    More than two million people in 30 countries were spoofed or faked during ICEBUCKET.

  • PARETO

    6,000

    The PARETO operators spoofed more than 6,000 CTV apps as part of their scheme.

    1 Million

    PARETO operated chiefly through a botnet of nearly one million infected Android phones.

    650 Million

    Across its mobile and CTV-centric botnet, the PARETO operation made more than 650 million fraudulent bid requests a day.
