Despite unprecedented efforts from the ad industry and law enforcement, fraud continues to blight the sector.
It’s an issue that cost advertisers $42 billion in 2019, according to analytics firm Juniper Research, and continues to challenge even the most seasoned security professionals, with app stores a notable point of vulnerability in the ecosystem.
That’s the conclusion of separate reports released this week, with experts also claiming the economic chaos spurred by the novel coronavirus is serving as further cover for fraudsters.
Security firm White Ops uncovered a fraud scheme dubbed Terracotta that targeted the Google Play store. While it’s undetermined how much Terracotta cost advertisers, previously, White Ops reported a botnet scheme that reportedly stole between $3 million and $5 million a day.
The scam worked by promising free shoes to users who downloaded certain apps through Google Play. In reality, some 5,550 apps infected users’ Android phones with malware, installing a modified browser that generated fake ad clicks. The malware disguised itself as other popular Android apps to fool advertisers.
White Ops investigated the attack along with Google, claiming it triggered up to 2.4 billion fake bid requests with 65,000 Android phones infected.
The scam resembles the notorious 2018 3ve case, in which foreign nationals operated a botnet that infected over a million devices, downloading fake browsers onto users’ PCs to imitate ad traffic, a scam that warranted investigation by the FBI and a subsequent legal case.
Joe Tallet, manager of detection and data intel at White Ops, said his team identified a series of unusual traffic patterns over the course of six to nine months, singled out the sources of those disruptions and then ultimately delisted those apps from the Play store.
Meanwhile, a separate study this week by programmatic insights platform Pixalate also identified app stores as a point of vulnerability, claiming Google delisted 500,000 Android apps, which accounted for over 14 billion downloads, in the first half of 2020.
White Ops worked with Google to remove the offending apps on Play Store, and in order to expedite the process of detecting threats, Google has joined several other firms as a member of the trade organization Trustworthy Accountability Group’s (TAG) Threat Exchange.
Launched in 2018, the Threat Exchange serves as an intelligence-sharing community for companies across the ad-tech industry. The exchange has grown in members recently, although TAG declined to provide a specific number or list of members. Due to increased demand for its intelligence network, TAG hired cybersecurity expert Danielle Meah as director of threat intelligence earlier this month.
“We’re seeing real impact from [intelligence] sharing now: reducing the time-to-life for a lot of the attacks that are being shared, one-to-one impact ratio for the industry,” Meah said.
Mike Zaneis, CEO of TAG, added, “They can get this data point, maybe a seat ID on a buying platform [such as an ad exchange] that is distributing malware, and they can go look for that same activity.” He compared the exchange to the difference between poking around in the dark with a flashlight versus shining a large spotlight.
Experts told Adweek that turbulence from Covid-19 has contributed to increased fraud this year. Tallet added that unrelated to the pandemic, unsophisticated fraud has “never been easier.” Bad actors can simply “set up automation software—which you can deploy to as many servers in the cloud as you want—to pretend to be Google Chrome, clicking ads and pretending to be a human.”