A fraud scheme faking more than 3 million daily impressions across CTV and mobile has been stopped, according to a new report from DoubleVerify.
Dubbed ‘MultiTerra’, the botnet could have stolen $US1 million per month in advertising inventory if it had not been thwarted.
According to DoubleVerify’s report, a single MultiTerra IP could impersonate 16 different iPhones and Android phones, requesting 50 impressions to at least 9 different apps.
These IPs generated “intense bursts of fake impressions”, before being quickly retired. MultiTerra would then generate new IP addresses and repeat the scam.
To stop the scheme, DoubleVerify says it used its machine-learning algorithms to identify the unusual patterns and test the traffic’s validity.
“Once the abnormal behavior was confirmed as fraudulent, our team quickly implemented protective measures and deployed them across our clients’ campaigns and pre-bid avoidance integrations,” said DoubleVerify.
“In a joint effort by DV’s research, analytics and development teams, the Fraud Lab team created an algorithm that detected and captured these IP addresses less than an hour after they had been taken over by fraudsters.”
The challenge for DoubeVerify was the way in which MultiTerra was able to continually morph after it had been detected.
DoubleVerify said it took 50 days in total for the botnet to stop operating.