A sophisticated, multimillion-dollar digital advertising fraud scheme has been uncovered by a BuzzFeed News investigation, with over 125 Android apps and websites found to be part of a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, among other countries.
According to the report, millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the apps. The scammers copied actual user behaviour this way and were, therefore, able to generate fake traffic while successfully bypassing major fraud detection systems.
It is estimated that hundreds of millions of dollars were stolen from brands whose ads were shown to bots instead of actual humans.
“We are impressed with the complex methods that were used to build this fraud scheme and what’s equally as impressive is the ability of criminals to remain under the radar”, said CEO of Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites involved in the scam.
“Another fraud detection firm, Pixalate, first exposed one element of the scheme in June. At the time, it estimated that the fraud being committed by a single mobile app could generate $75 million a year in stolen ad revenue. After publishing its findings, Pixalate received an email from an anonymous person connected to the scheme who said the amount that’s been stolen was closer to 10 times that amount.”
An estimate by App metrics firm AppsFlyer suggests that nearly $800 million was stolen from mobile apps alone in the first quarter of this year. Overall, Juniper Research estimates $19 billion will be stolen this year by digital ad fraudsters.
The full list of Android apps and websites connected to the scheme is available here.