Through ‘verification stripping’ and code redirection, ViperBot is spoofing ad requests and siphoning millions of ad spend dollars into fraudsters’ pockets.

A sophisticated advertising fraud scheme has been discovered attempting to steal over US$8m in ad spend across connected television (CTV) and mobile video platforms.

Dubbed ViperBot, the fraud scheme involves “verification stripping” where verification pixels for ads are stripped by fraudsters to avoid monitoring and detection by verification vendors. As this stripping normally causes measurement discrepancies, fraud schemes that rely on this technique can regularly be identified by advanced measurement companies.

This is where the new “redirection” technique of inserting the code into cheap ad slots running on real devices helps cover up the code stripping. The “verification redirection” involves reinserting the verification pixels inside cheap ad slots running on real devices in an attempt to prevent detection. Because the ad call is coming from a real device, verification vendors are more likely to treat the traffic as legitimate, making it difficult for unsuspecting measurement providers to recognize that any fraudulent activity is taking place.

With the elaborate scheme, advertisers receive spoofed information while verification providers see data about a real app/device—making that data appear legitimate.

According to Jack Smith, Chief Product Officer, DoubleVerify, the firm that discovered the scheme: “As fraudsters continue to evolve and aggressively target high-value inventory types, measurement providers need to catch up. We’re seeing this happen in CTV and mobile inventory, where higher CPMs make it a more attractive target, but this new redirection tactic can be applied across many environments.”

Added the firm’s CEO, Mark Zagorski: “ViperBot is one of the most sophisticated fraud schemes that (we) have ever identified. The dynamic nature of fraud schemes underscores the fact that advertisers need a partner who is laser focused on protecting their interests—and who operates independent of the media transaction to remain neutral when determining the quality of inventory.”

ViperBot continues to spoof more than five million devices and up to 85m ad requests per day, undercutting ad investments and performance when solutions that can protect against sophisticated fraud schemes are not implemented.