Advertising

Investigation finds that nearly 90 apps may have been committing ad fraud

“They really tried to fly under the radar with this and just take a little bit of money,” a cybersecurity exec told us.
article cover

Dianna “Mick” McDougall

· less than 3 min read

Get marketing news you'll actually want to read

Marketing Brew informs marketing pros of the latest on brand strategy, social media, and ad tech via our weekday newsletter, virtual events, marketing conferences, and digital guides.

Holy fraud, Batman!?! Today, the cybersecurity firm Human (formerly called White Ops) revealed that it had pulled the rug out from under what it has called an “ad fraud scheme” present in apps that had been downloaded nearly 13 million (!) times.

An investigation spearheaded by Human found 80 Android apps and nine iOS apps committing fraud “through a variety of tactics,” like pretending to be other apps to skim off programmatic advertising dollars (a strategy that’s known as “spoofing”), running ads where users couldn’t see them, or faking clicks.

Because so much of programmatic advertising is automated and without much transparency, bad actors who engage in “a little bit of fraud” can actually get a small slice of a “really, really, huge market,” Gavin Reid, VP of threat intelligence at Human, said, though he couldn’t estimate how much this operation may have cost advertisers. This year, ad spend on programmatic digital display alone is expected to reach $123 billion, according to Insider Intelligence estimates.

It’s “kind of a level of maturity for these miscreants, where not only are they playing these fake ads, but they’re also mimicking a user interacting with them. That’s pretty scary stuff,” said Reid.

One app, a game called Wood Sculptor, was seen engaging with ad servers, though researchers never saw an ad displayed while playing the game.

These apps try to mimic popular apps in an attempt to get users to download them and advertisers to advertise on them, Reid said. The 89 apps included titles like Loot the Castle, Run Bridge, Parking Master, Corn Scraper (🤔) and Billionaire Scratch, Human noted in its release. Though they’ve been downloaded at least 13 million times in total, they’re copying apps that Reid would consider “not very well-known.”

“They really tried to fly under the radar with this and just take a little bit of money,” he said.

The investigation has been ongoing since 2019 and, in total, has resulted in the identification of 184 apps. Click here for a full list of apps associated with the investigation.

Unrelated, related: In August, we observed publishers like the Los Angeles Times, Complex, and Vanity Fair buying traffic from mobile-app games like Subway Surfers.

Get marketing news you'll actually want to read

Marketing Brew informs marketing pros of the latest on brand strategy, social media, and ad tech via our weekday newsletter, virtual events, marketing conferences, and digital guides.