Saturday, November 2, 2024
HomeBotnetCyber Criminal's Earn $5 Million Daily By Fraudulent Video Ad "Methbot"- A...

Cyber Criminal’s Earn $5 Million Daily By Fraudulent Video Ad “Methbot”- A Shocking Report

Published on

Malware protection

According to researchers at White Ops who uncovered the ad fraud, cyber crime group has been earning as much as $3 million to $5 million daily by generating up to 300 million fraudulent video-ad impressions per day.

The group behind the ad fraud has created a complex bot farm called Methbot using thousands of proxies and dedicated, deceptive IP addresses to con mainstream advertisers into thinking their ads are running on major media websites.

This Methbot Using an army of automated web browsers run from fraudulently acquired IP addresses, the Methbot operationis “watching” as many as 300 million video ads per day on falsified websites designed to look like premium publisher inventory. More than 6,000 premium domains were targeted and spoofed,enabling the operation to attract millions
in real advertising dollars.

- Advertisement - SIEM as a Service

Methbot generates the impressions using 250,267 distinct URLs across 6,111 premium distinct domains, White Ops has observed, and it uses several techniques to fool anti-fraud companies.

Methbot Operation Estimation:

Volume and Estimated Financial Impact Report from White Ops ,

• $3 to $5 million in revenue per day for its operators

• CPMs ranged from $3.27 to $36.72 with the average being $13.04

• 200 – 300 million video ad impressions generated per day on fabricated inventory

• 250,267 distinct URLs spoofed to falsely represent inventory

• 6,111 premium domains targeted and spoofed

• High value marketplaces targeted including PMPs

Methbot, researchers say, is unique in its ability to defraud advertisers compared to other ad fraud botnets. According to researchers, competing ad-fraud bots have only raked in a fraction of Methbot’s earning ability.

Competing ad-bots such as ZeroAccess Botnet are thought to have collected as much as $900,000 per day, the Chameleon Botnet took up to $200,000 per day, and HummingBad took up to $10,000 per day, according to White Ops.

The Methbot ad fraud infrastructure. Image: White Ops.

White Ops published a research report exposing the hack and it explains in great detail how the operation profits. Here’s how it works:

  • It creates spoof versions of the URLs (website addresses) of premium publishers, such as vogue.com/video, economist.com/video, espn.com/video, fortune.com/video, and foxnews.com/video.
  • These web pages contain nothing more than what is needed to support an ad. The publisher’s server is never contacted.
  • Methbot then uploads a video ad to the fake page and “plays” it through a simulated browser.
  • To generate a monetizable impression of the ad, it then simulates a human with a “bot” – this is how it deceives ad fraud companies – the bot randomly interrupts the playback using fake mouse movements. It also uses social login information to masquerade as engaged humans, and it simulates clicks “in a randomly generated fashion to achieve a realistic rate.”

Key Behaviors of Methbot :

Video advertising on premium web sites fetches some of the highest prices in digital
advertising. Methbot hijacks the brand power of premium publishers by spoofing URLs in
the call for a video ad in order to attract advertising dollars in the following way:
Counterfeit page: Methbot selects a domain or URL from a list of premium publishers,
and fabricates counterfeit pages. The page contains nothing more than what is needed
to support an ad, and the publisher’s server is never contacted.
Offer inventory: Using the industry standard VAST protocol, Methbot requests a video
ad from a network, using one of Methbot’s identifiers so they will get credit for it.
Produce fake views and clicks: The video ad is loaded through a proxy and “played”
within the simulated browser. Any specified anti-fraud and viewability verification code
is also loaded and fed false signals in order to make the activity seem legitimate.

Researcher’s says, White Ops has observed 250,267 distinct URLs across 6,111 distinct domains that were generated by Methbot in the act of impersonating a user visiting a web page.

 
 
 
 
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

10 Best Linux Distributions In 2024

The Linux Distros is generally acknowledged as the third of the holy triplet of...

Russia-Linked Hackers Attacking Governmental And Political Organizations

Two pro-Russian threat actors launched a distributed denial-of-service (DDoS) attack campaign against Japanese organizations...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...