Monday, November 25, 2024
HomeBotnetCyber Criminal's Earn $5 Million Daily By Fraudulent Video Ad "Methbot"- A...

Cyber Criminal’s Earn $5 Million Daily By Fraudulent Video Ad “Methbot”- A Shocking Report

Published on

According to researchers at White Ops who uncovered the ad fraud, cyber crime group has been earning as much as $3 million to $5 million daily by generating up to 300 million fraudulent video-ad impressions per day.

The group behind the ad fraud has created a complex bot farm called Methbot using thousands of proxies and dedicated, deceptive IP addresses to con mainstream advertisers into thinking their ads are running on major media websites.

This Methbot Using an army of automated web browsers run from fraudulently acquired IP addresses, the Methbot operationis “watching” as many as 300 million video ads per day on falsified websites designed to look like premium publisher inventory. More than 6,000 premium domains were targeted and spoofed,enabling the operation to attract millions
in real advertising dollars.

- Advertisement - SIEM as a Service

Methbot generates the impressions using 250,267 distinct URLs across 6,111 premium distinct domains, White Ops has observed, and it uses several techniques to fool anti-fraud companies.

Methbot Operation Estimation:

Volume and Estimated Financial Impact Report from White Ops ,

• $3 to $5 million in revenue per day for its operators

• CPMs ranged from $3.27 to $36.72 with the average being $13.04

• 200 – 300 million video ad impressions generated per day on fabricated inventory

• 250,267 distinct URLs spoofed to falsely represent inventory

• 6,111 premium domains targeted and spoofed

• High value marketplaces targeted including PMPs

Methbot, researchers say, is unique in its ability to defraud advertisers compared to other ad fraud botnets. According to researchers, competing ad-fraud bots have only raked in a fraction of Methbot’s earning ability.

Competing ad-bots such as ZeroAccess Botnet are thought to have collected as much as $900,000 per day, the Chameleon Botnet took up to $200,000 per day, and HummingBad took up to $10,000 per day, according to White Ops.

The Methbot ad fraud infrastructure. Image: White Ops.

White Ops published a research report exposing the hack and it explains in great detail how the operation profits. Here’s how it works:

  • It creates spoof versions of the URLs (website addresses) of premium publishers, such as vogue.com/video, economist.com/video, espn.com/video, fortune.com/video, and foxnews.com/video.
  • These web pages contain nothing more than what is needed to support an ad. The publisher’s server is never contacted.
  • Methbot then uploads a video ad to the fake page and “plays” it through a simulated browser.
  • To generate a monetizable impression of the ad, it then simulates a human with a “bot” – this is how it deceives ad fraud companies – the bot randomly interrupts the playback using fake mouse movements. It also uses social login information to masquerade as engaged humans, and it simulates clicks “in a randomly generated fashion to achieve a realistic rate.”

Key Behaviors of Methbot :

Video advertising on premium web sites fetches some of the highest prices in digital
advertising. Methbot hijacks the brand power of premium publishers by spoofing URLs in
the call for a video ad in order to attract advertising dollars in the following way:
Counterfeit page: Methbot selects a domain or URL from a list of premium publishers,
and fabricates counterfeit pages. The page contains nothing more than what is needed
to support an ad, and the publisher’s server is never contacted.
Offer inventory: Using the industry standard VAST protocol, Methbot requests a video
ad from a network, using one of Methbot’s identifiers so they will get credit for it.
Produce fake views and clicks: The video ad is loaded through a proxy and “played”
within the simulated browser. Any specified anti-fraud and viewability verification code
is also loaded and fed false signals in order to make the activity seem legitimate.

Researcher’s says, White Ops has observed 250,267 distinct URLs across 6,111 distinct domains that were generated by Methbot in the act of impersonating a user visiting a web page.

 
 
 
 
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Water Barghest Botnet Comprised 20,000+ IoT Devices By Exploiting Vulnerabilities

Water Barghest, a sophisticated botnet, exploits vulnerabilities in IoT devices to enlist them in...

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

10 Best Linux Distributions In 2024

The Linux Distros is generally acknowledged as the third of the holy triplet of...