Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Google Blocks New Ad Fraud Scheme

Google says it recently blocked a new ad fraud scheme spread across a large number of applications and websites and monetizing with numerous advertising platforms.

Google says it recently blocked a new ad fraud scheme spread across a large number of applications and websites and monetizing with numerous advertising platforms.

Previously, the company had blocked websites from its ad network for violating its policies, but now it also took action against applications that were involved in the fraud scheme, after being tipped off by BuzzFeed News.

Not only did the web search company ensure that these apps can no longer monetize with Google, it also blacklisted additional apps and websites outside of its ad network, “to ensure that advertisers using Display & Video 360 (formerly known as DoubleClick Bid Manager) do not buy any of this traffic.”

The company estimates that “the dollar value of impacted Google advertiser spend across the apps and websites involved in the operation is under $10 million.” Basically, money was spent on invalid traffic on inventory from non-Google, third-party ad networks.

The web-based traffic was generated by a small to medium-sized botnet that has been tracked for several years as TechSnab. The number of infections has decreased significantly after the Chrome Cleanup tool started prompting users to uninstall the threat, Google says.

The malware, which has common IP-based cloaking, data obfuscation, and anti-analysis defenses, creates hidden browser windows that visit web pages to artificially inflate ad revenue. Traffic is directed to a ring of websites that have been specifically designed for this operation.

The operation monetized through a large number of ad exchanges. According to Google, as many as 150 exchanges, supply-side platforms (SSPs) or networks may have sold inventory from these websites. The operators had hundreds of accounts across 88 different exchanges, the search giant reveals.

Mobile apps were impacted the most, monetizing via AdMob. Traffic from these apps appears as a combination of organic user traffic and artificially inflated ad traffic, including that generated by hidden ads.

Advertisement. Scroll to continue reading.

“Additionally, we found the presence of several ad networks, indicating that it’s likely many were being used for monetization. We are actively tracking this operation, and continually updating and improving our enforcement tactics,” Google says.

In addition to taking action to disrupt this threat, including the takedown of command and control infrastructure that powers the associated botnet, Google has shared information with partners across the ecosystem, so they too can harden defenses and minimize impact.

“This effort highlights the importance of collaborating with others to counter bad actors. Ad fraud is an industry-wide issue that no company can tackle alone. We remain committed to fighting invalid traffic and ad fraud threats such as this one, both to protect our advertisers, publishers, and users, as well as to protect the integrity of the broader digital advertising ecosystem,” Google notes.

Related: Google Fights Tech Support Scams With New Ad Restrictions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.