Online fraud-prevention firm White Ops uncovered this new Ad fraud campaign, dubbed “Methbot,” that automatically generates more than 300 Million fraudulent video ad impressions every day.
The cyber criminal gang, dubbed AFT13, has developed Methbot robo-browser that spoofs all the necessary interactions needed to initiate, carry out and complete the ad transactions.
Cyber criminals behind Methbot are using servers hosted in Texas and Amsterdam to power more than 570,000 bots with forged IP addresses, mostly belongs to the United States, which make it appear ads are being viewed by US visitors.
The cyber criminals then obtain video-ad inventory to display to its fake media websites for top dollar and fools the ad marketplace into thinking the ad content is being watched by legitimate website visitors.
But in reality, these video ads are viewed by Methbot’s fake viewers, as the fraud also includes an automated software program that mimics a user watching ads.
To make their bots look more real, the gang is using methods like automated faked clicks, social network login information, and mouse movements.
If you multiply this number by more than 570,000 compromised IP addresses, the money rolls in.
The company believes that Methbot creates an estimated between 200 Million and 300 Million fraudulent video ad impressions per day, targets roughly 6,000 publishers and generates between $3 Million and $5 Million in revenue every 24 hours.
White Ops initially noticed the activity of Methbot last year in September, but in October 2016, the campaign dramatically risen.
The Methbot operation is headquartered in Russia but uses data centers in Dallas and Amsterdam. Although this information is not enough to prove that the hackers are of Russian origin, White Ops evidently believes that the hacker group is based in Russia.
White Ops has notified the FBI about the scam and has been working with federal law enforcement for weeks now.