DoubleVerify (DV), a software platform for digital media measurement, data and analytics, says it has discovered a sophisticated advertising fraud scheme called ViperBot that attempts to steal over $8m (£6.1m) each month in ad spend across two of the industry’s most in-demand channels: connected television (CTV) and mobile video.
Through ViperBot, fraudsters strip the code that verifies ad impressions and then conceal and redirect this code through real devices to hide the fraudulent activity in an attempt to go undetected. While DV customers are currently protected from the scheme, the company said it continues to spoof more than 5m devices and up to 85m ad requests per day, undercutting ad investments and performance when solutions that can protect against ViperBot are not implemented.
“ViperBot is one of the most sophisticated fraud schemes that DV has ever identified,” said DoubleVerify CEO, Mark Zagorski. “The dynamic nature of fraud schemes underscores the fact that advertisers need a partner who is laser focused on protecting their interests – and who operates independent of the media transaction to remain neutral when determining the quality of inventory. “Efficient and transparent media buying leads to better outcomes for brands. By uncovering ViperBot, we are able to give brands greater confidence in their digital investment while ensuring campaign performance.”
ViperBot relies on both the well-documented occurrence of verification stripping and a new tactic, discovered by DV, called “verification redirection.” Verification stripping is the removal of verification tags previously set by a measurement provider. As this normally causes measurement discrepancies, fraud schemes that rely on verification stripping can regularly be identified by advanced measurement companies. DV, for example, has protected its clients against verification tag fraud for years.
DV said that with ViperBot, fraudsters have taken verification stripping to the next level. They are not only removing verification tags from the ad being delivered. They are also reinserting them inside cheap ad slots running on real devices in an attempt to prevent detection. This makes it difficult for unsuspecting measurement providers to recognize that any fraudulent activity is taking place. Upon identifying the new tactic, DV immediately blocked the falsified impressions and ad requests.