Impact

Impact

The Buzzfeed Botnet and Why Impact Customers Were Already Safe

In-app fraud continues to be a major problem plaguing the programmatic RTB ecosystem, so I wasn’t surprised when Buzzfeed published their article: Apps Installed On Millions Of Android Phones Tracked User Behavior To Execute A Multimillion-Dollar Ad Fraud Scheme.

In this impressive piece of investigative journalism, Craig Silverman of Buzzfeed exposed a major in-app fraud operation that targeted premium US based advertisers. The article does well to track ad fraud to the shell corporate structure that ultimately profits from it and expose it for what it is— organized criminal activity.

But the findings that Silverman presented were not only unsurprising… they were familiar. After a bit of digging, I found what I was looking for: Forensiq first encountered apps associated with this botnet in February of 2018, shortly after the Gen 2.2 release of our automated traffic algorithm.

The Gen 2.2 algorithm, which leveraged a new machine learning approach to identifying suspicious traffic, exposed high levels of IVT across numerous innocent-looking apps. We immediately advised affected clients to blacklist/avoid the supply-paths that resulted in their bidding on this traffic. The collective and coordinated pattern of requests from the devices using (and/or spoofing) these apps suggested a mobile botnet at work— something our algorithms are fine tuned to detect.

All-in-all, we only encountered 24 of the apps involved in this scheme, but those that we did come across tripped our threshold for recommended risk and were therefore flagged for high-risk activity. Note that clients who are actively using Forensiq to optimize their traffic should not have anything to worry about concerning the in-app fraud scheme that Buzzfeed reported on— they should already have optimized that traffic out of their pipes. It takes widespread adoption of fraud protection like this to ensure that no exploitative fraud schemes reach multimillion dollar magnitude or remain powerfully functional over the course of months, like we’ve seen here.

This Q4, it’s important that brands pay close attention to the nuances around fraud detection vs. viewability / brand safety measurement. Focusing on just the latter can leave you unwillingly exposed to costly fraud operations like the Buzzfeed botnet.

It takes an informed, contextualized approach to verification to remain safeguarded against emerging forms of fraud. Maintain a proactive behavior around ensuring high quality media buys by partnering with a vendor that specializes in outpacing the cybercriminals bent on stealing your ad spend this holiday season.

Request a free fraud audit from Forensiq to dig into your traffic quality, down to the event level.

Back to Resources