Attack Of The 'OctoBot': 7 CTV Fraud Schemes Found To Be Connected

Seven fraud schemes targeting CTV devices over the past 18 months are actually part of one large, coordinated effort, according to DoubleVerify (DV).

The family of fraud schemes, dubbed “OctoBot,” has generated billions of ad calls, spoofed thousands of apps and millions of CTV devices, and, despite rapid identification and shutdown, resulted in many millions in misdirected ad spend since November 2019, says the digital media measurement, data and analytics platform.

DV says it was able to identify that the schemes were related in February, when it caught the most recent variant, which it shut down within 24 hours. 

That variant exhibited behavior similar to the earlier schemes DV had tracked and blocked since late 2019. 

Two notable variants within the OctoBot scheme are MultiTerra and SneakyTerra, first identified by DV last year.

MultiTerra — a botnet that creates fraudulent inventory on CTV and mobile devices — is estimated to have diverted $1 million per month in ad spend, according to the report, which details how the various fraud schemes work. 

SneakyTerra — described as the first server-side ad-insertion (SSAI) scheme — is estimated to have diverted $5 million per month in ad spend. 

“We’ve been seeing fraudsters aggressively target the CTV space, but the OctoBot fraud scheme family, with its multiple tentacles, is unprecedented,” said DV CEO Mark Zagorski. “OctoBot displays a high degree of ingenuity in its evolving approach — with each variant operating in a unique manner” to avoid detection. 

Ultimately, the company’s fraud lab was able to detect common behaviors and traffic patterns that enabled identifying the relationship among “seemingly dissociated approaches” and rapidly evolving variants, he said. 

The lab performed a months-long analysis of trillions of ad impressions and auctions, reverse-engineered dozens of applications, and conducted open-source intelligence operations.

Editor's note: Days after this story was posted, Human, a competitor to DV in the ad-fraud prevention space, reported working with Omnicom Media Group, The Trade Desk, and Magnite to block another large bot-based fraud scheme dubbed Pareto, which was identified last year and affected 6,000-plus CTV apps before being stopped.

These players, in collaboration with Google and Roku, have formed an initiative to protect the digital advertising ecosystem from fraud. 
