Security Experts:

Connect with us

Hi, what are you looking for?



Google Blocks New Ad Fraud Scheme

Google says it recently blocked a new ad fraud scheme spread across a large number of applications and websites and monetizing with numerous advertising platforms.

Google says it recently blocked a new ad fraud scheme spread across a large number of applications and websites and monetizing with numerous advertising platforms.

Previously, the company had blocked websites from its ad network for violating its policies, but now it also took action against applications that were involved in the fraud scheme, after being tipped off by BuzzFeed News.

Not only did the web search company ensure that these apps can no longer monetize with Google, it also blacklisted additional apps and websites outside of its ad network, “to ensure that advertisers using Display & Video 360 (formerly known as DoubleClick Bid Manager) do not buy any of this traffic.”

The company estimates that “the dollar value of impacted Google advertiser spend across the apps and websites involved in the operation is under $10 million.” Basically, money was spent on invalid traffic on inventory from non-Google, third-party ad networks.

The web-based traffic was generated by a small to medium-sized botnet that has been tracked for several years as TechSnab. The number of infections has decreased significantly after the Chrome Cleanup tool started prompting users to uninstall the threat, Google says.

The malware, which has common IP-based cloaking, data obfuscation, and anti-analysis defenses, creates hidden browser windows that visit web pages to artificially inflate ad revenue. Traffic is directed to a ring of websites that have been specifically designed for this operation.

The operation monetized through a large number of ad exchanges. According to Google, as many as 150 exchanges, supply-side platforms (SSPs) or networks may have sold inventory from these websites. The operators had hundreds of accounts across 88 different exchanges, the search giant reveals.

Mobile apps were impacted the most, monetizing via AdMob. Traffic from these apps appears as a combination of organic user traffic and artificially inflated ad traffic, including that generated by hidden ads.

“Additionally, we found the presence of several ad networks, indicating that it’s likely many were being used for monetization. We are actively tracking this operation, and continually updating and improving our enforcement tactics,” Google says.

In addition to taking action to disrupt this threat, including the takedown of command and control infrastructure that powers the associated botnet, Google has shared information with partners across the ecosystem, so they too can harden defenses and minimize impact.

“This effort highlights the importance of collaborating with others to counter bad actors. Ad fraud is an industry-wide issue that no company can tackle alone. We remain committed to fighting invalid traffic and ad fraud threats such as this one, both to protect our advertisers, publishers, and users, as well as to protect the integrity of the broader digital advertising ecosystem,” Google notes.

Related: Google Fights Tech Support Scams With New Ad Restrictions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.