A new report has uncovered a massive advertising fraud scheme that made scammers serious cash, fooled marketing companies and killed users' smartphone batteries. The scheme operated via fake banner advertisements that were secretly hidden behind legitimate banner ads in Android apps, according to BuzzFeed News. This scam was previously spotted by at least two ad fraud detection firms, Protected Media and online media verification firm DoubleVerify's ad fraud lab. Fraudsters were able to hijack in-app ads in apps using Twitter's MoPub ad platform. App developers say they've received complaints of their apps draining consumers' phone batteries, BuzzFeed said, but they often can't explain the source of the battery drain.
Law enforcement conducted coordinated raids across Europe to take out the networks, followed by successive takedowns of the fake websites. Three of the eight alleged perpetrators were arrested overseas on charges including wire fraud, computer intrusion and money laundering. The others remain at large. "The defendants in this case used sophisticated computer programming and infrastructure around the world to exploit the digital advertising industry through fraud," said Richard Donoghue, the U.S. Attorney for the district. One of the operations, named 3ve, was first identified last year by Google, a unit of Alphabet Inc., which lost millions of dollars in the scam, and ad-fraud-detection firm White Ops.
The FBI, Google, and 20 tech industry partners have collaborated to take down a giant cyber-criminal network involved in generating fake ad views and clicks that have been used to defraud ad networks and advertisers for the past four years and make millions in illicit revenue for the scheme's perpetrators. Besides a coordinated intervention to take down several of the criminal scheme's botnets, the US Department of Justice also announced a 13-count indictment against eight suspects believed to be behind this operation, three of whom are already under arrest and awaiting extradition to the US. According to a DOJ indictment and a white paper released by Google and cyber-security firm White Ops, the eight suspects are believed to be the main operators of an ad fraud scheme that the cyber-security and advertising industry has been tracking since last year under the codename of "3ve," and which is believed to have been active since at least 2014. Investigators said that over time, the 3ve operators used different schemes to generate ad views and clicks, relying on a slew of tricks, such as renting other cybercrime botnets, creating their own botnets hosted on commercial data centers, hijacking IP address blocks, using proxies to hide real IP addresses, and even creating their own websites on which they displayed ads, to make sure that bots have ads to load and click on. Based on observations or past practices, Google and industry partners have organized 3ve's operations in three subgroups, each with its own specifics.
Security firm White Ops says it has discovered an ad fraud scheme raking in up to $3 million per day, making it the largest such operation ever. Called Methbot, because of drug references in the code, it tricks ad networks into playing videos on fake websites, which are in turn "watched" by bots that simulate real users. The networks then pay the scammers, reportedly located in Russia, effectively flushing advertisers' and publishers' money down the toilet. The operation is unprecedented in its complexity, the security firm says, and may have cost the hackers as much as several hundred thousand dollars per day. To start with, the scammers registered over 6,000 fake domains that spoofed legitimate sites like ESPN and Fox News, then generated over a quarter million fake URLs that could only do one thing: host video ads.
A massive ad-fraud operation that hijacked nearly two million devices and involved 5,000 counterfeit websites has been dismantled by the FBI, Google and bot-detection firm White Ops. The eight men involved in the scheme are facing charges -- three have been arrested and five remain at large. The scheme, known as "3ve" (pronounced "Eve"), was described by the take-down team as a "very complex, ever-shifting maze." What started as a small botnet operation, first discovered in 2016, grew to operate on a huge scale, using malware packages Boaxxe and Kovter to infect PCs. Both were spread by booby-trapped emails and drive-by downloads, hijacking devices that would generate fake clicks on ads and making its operators hefty sums of money from duped advertising networks.