Cybersecurity company HUMAN has discovered a new, highly sophisticated botnet focused on defrauding the Connected TV (CTV) advertising ecosystem.
Omnicom Media Group, The Trade Desk, and Magnite, as well as flagship members of The Human Collective — a newly launched initiative that brings together players throughout digital advertising to create a collectively protected ecosystem—are now collaborating with HUMAN, with the support of Google and Roku in leading the disruption efforts.
Pareto has affected nearly a million infected mobile Android devices pretending to be millions of people watching ads on smart TVs and other devices. The botnet used dozens of mobile apps to impersonate or spoof more than 6,000 CTV apps, accounting for an average of 650 million ad requests every day.
HUMAN's Sartori Threat Intelligence and research team found that Pareto has been operating since 2020 The operation is named after The Pareto Principle, an economics concept that dictates that 80% of the impact in any given situation is carried out by only 20% of the actors.
"CTV provides massive opportunities for streaming services and brands to engage with consumers through compelling content and advertising," said HUMAN CEO and Co-Founder Tamer Hassan. "Because of this opportunity, it is incredibly important for the CTV ecosystem and brands to work together through a collectively protected advertising supply chain to ensure fraud is recognised, addressed and eliminated as quickly as possible."
Pareto works by spoofing signals within malicious Android mobile apps to impersonate consumer TV streaming products running Fire OS, tvOS, Roku OS, and other prominent CTV platforms.
The botnet takes advantage of digital shifts that were accelerated by the pandemic, hiding in the noise in order to trick advertisers and technology platforms into believing ads were being shown on CTVs. This particular approach is lucrative for fraudsters, as pricing for ads on connected TVs is often substantially higher than pricing on mobile devices or on the web.
"What's especially striking about this operation is its scale and sophistication," said HUMAN Chief Scientist Michael McNally. "The actors behind Pareto have a fundamental understanding of numerous aspects of advertising technology, and used that to their advantage in how they hid their work within the CTV ecosystem. Their efforts included low-level network protocol spoofing, which is especially hard to detect, but which our team at HUMAN spotted."