Scalarr discovers a massive botnet fraud case for a video advertising platform
In February 2021, one of our high-profile clients, an ad exchange working with numerous DSPs, adopted DeepView™ early on, with the confidence that their traffic quality was 100%. What we unraveled was a fraud tangle of massive proportions where the entire volume of video traffic consisted of bots, generating millions of dollars in losses on a yearly basis.
Scalarr’s mission is to protect our clients’ investment and help discover who is actually watching ads. The DeepView solution is enriched with mobile market data and third-party data from partners to get the fraud detection accuracy that sets Scalarr apart in the industry.
Without help from an advanced fraud detection solution like DeepView, traffic purchasing managers never truly know who is watching their ads on the other side of a mobile phone screen. In contrast, and more often than not, when they look at traffic numbers, everything looks good on paper. Unfortunately, in over 50% of the cases, views are being generated by bots, not people.
Fraudsters love video advertising. Why? Because it is more expensive, making it a high-earning target. Recently, there’s been a lot of discussion about video and ad fraud discoveries, like IceBucket, botnets in infected devices, etc. Never before has the industry seen such sophisticated bots like we are seeing nowadays.
In our client’s specific case, their trust stemmed from the fact that their ads were being placed on well-known mobile apps like NBC, Fox Sports, Fox News, ABC News, etc. With prominent names like these, it’s easy to understand why our client thought these apps would give a guarantee to be safe from fraud.
Unfortunately, fraudsters are well aware of the ploy to exploit sophisticated bundles of spoofing to substitute well-known app names in traffic to sell them at a higher price and reassure customers their traffic is clean and reliable.
DeepView™ is Scalarr’s response to address Ad Exchanges, DSPs, and SSPs dire need for an anti-fraud service. DeepView™ is an AI-powered detection service that analyzes millions upon millions of impressions in a matter of seconds to detect the slightest anomalies in CTV, mobile web, in-app, desktop, and identify patterns that signal fraud among them.
DeepView™ can analyze massive amounts of impressions per minute thanks to its powerful tech stack comprised of Apache Spark and Apache Kafka on the Kubernetes platform that, when paired with Scalarr’s optimized infrastructure and unique database*, helps meet the highest speed and scale of programmatic ecosystem requirements.
Looking at traffic from multiple different angles, namely analyzing more than hundreds of data points for each impression, parameters, distributions, time series, and behavioral patterns, we are able to sort traffic and catalog your sources in great detail.
Based on the anomalies we found in our client’s traffic, we knew we were dealing with a large-sized botnet operating on virtual machines, capable of generating enormous amounts of invalid impressions. DeepView™ detected numerous servers with many containers which were virtual machines with a smartphone operating system that emulated real smartphones.
In the following image, we sum up the most striking results upon discovering this botnet:
The scale of botnets that DeepViewTM has detected is striking:
- More than 4,000 fake spoofed apps (bundle spoofing),
- Over 2 million fake device IDs,
- More than 500,000 IP addresses,
- Over 10,000 fake user agents.
The data was emulated in a refined manner and up to $7 million yearly losses were estimated for the client. With no clear sign of when the large-sized botnet first penetrated our client’s traffic, chances are this operation was going on for months.
In parallel, we noticed that traffic in two other clients, albeit with smaller fraud volumes (up to 10%), began to aggressively expand by entering the market. Deep neural networks have learned to fake video sequences, voice, and generate fake news and text with high quality. One would have to be very naive to expect fraudsters to stay still.
Bots are not just device farms where people watch ads or click/install an app. Modern fraudster bots use smart technologies that don’t need human involvement at all and can take volumes of fraud to a whole new level.
Scalarr’s DeepView™ gives clients end-to-end, horizontal IVT detection and protection across every stage of the funnel with unsurpassed accuracy. By cooperating with Scalarr, clients gain access to our accumulated knowledge base with more than ten million smart bot samples and more than 100 million samples of all other types of fraud. With transfer learning technologies, we protect our clients from all types of existing fraud bots, regardless of their level of sophistication.
*Unique database enriched with information collected across real devices and ad placements over a 4-year span to see the true, full picture of the ecosystem.