Seven seemingly separate fraud schemes targeting CTV devices over the past year and a half are in fact part of one large, coordinated fraud scheme family, identified as OctoBot.
That’s the finding of a digital media measurement, data and analytics outfit DoubleVerify.
In a report issued this morning called DV Uncovers Long-Game of Fraud With OctoBot, the authors write, “With the identification of this latest scheme, DV can now confirm that these schemes are not acting independently;they are part of a “family” of interrelated spoofing schemes operating under “OctoBot,” a large, multi-tentacled scam that first became active in November 2019.”
Mark Zagorski, Chief Executive Officer at DV said, “We’ve been seeing fraudsters aggressively target the CTV space, but the OctoBot fraud scheme family, with its multiple tentacles, is unprecedented.
“OctoBot displays a high degree of ingenuity in its evolving approach — with each variant operating in a unique manner. Our Fraud Lab, however, ultimately was able to detect common behaviors and traffic patterns that enabled us to identify the interrelationship between these seemingly dissociated approaches,” he says.
Since November 2019, the seven variants in the OctoBot scheme have generated billions of ad calls and spoofed thousands of apps and millions of devices — all with the intention to defraud advertisers out of millions in revenue. DV, however, has continued to protect customers throughout the iterations of this fraud family.
According to the company, it caught the most recent variant of OctoBot in February and shut it down within 24 hours. This latest variant exhibited similar behavior to a series of schemes DV has been blocking and tracking since November 2019.
In a statement DV says, “Two notable variants within the OctoBot scheme include MultiTerra and SneakyTerra, which were first identified by DV last year. MultiTerra is estimated to have had a $1M/month impact in diverted spend, and SneakyTerra is estimated to have had a $5M/month impact.
DV says its Fraud Lab — powered by a dedicated team of data scientists, mathematicians and researchers — performs ongoing detection and analysis of new types of digital ad fraud to uncover the latest schemes as they occur.
In an attempt to avoid DV’s rapid detection, this family of schemes repeatedly evolved, and were repeatedly shut down by DV.
The report notes, “OctoBot has engaged in various behaviors meant to conceal fraudulent activity. Throughout OctoBot’s various evolutions, the fraudsters tried to trick DV’s anti-fraud technology (as well as that of other vendors) through protocol-level spoofing, which attempts to make ad calls from non-CTV devices appear as if they are coming from CTV devices.
“To identify the link between the OctoBot variants, DV performed a months-long analysis of trillions of ad impressions and auctions, reverse engineering dozens of applications, and conducting significant open source intelligence (OSINT) operations.”