DoubleVerify, a leading software platform for digital media measurement, data and analytics, announced that the DV Fraud Lab has discovered a new variant of the Connected TV (CTV) advertising fraud scheme, LeoTerra – which it first identified in July 2020. The new variant spoofs IoT (Internet of Things) devices, including smart refrigerators and smart watches, in an attempt to hide fraudulent behavior. DV estimates that LeoTerra’s latest variant has cost unprotected advertisers up to $10 million this year alone.
“This latest iteration of LeoTerra shows how fraudsters are always looking for new ways to avoid detection,” said Roy Rosenfeld, Head of DV’s Fraud Lab. “It also highlights how easily they spoof millions of devices by simply rotating through device lists that are free and easily accessible online.”
LeoTerra is a server-side ad insertion (SSAI) scheme that is part of an extensive operation of SSAI schemes known as OctoBot. To spoof large numbers of devices, fraudsters often use online device information sources, where they download lists of devices and incorporate the device information inside their falsified ad requests. This makes it appear as if their fraudulent traffic is coming from millions of different devices.
In some cases, online device lists also include unique or invalid device information. The fraudsters behind LeoTerra downloaded an entire list of CTV and mobile devices from one of the popular online device information providers. This list, however, included more than just CTV and mobile devices – it also included IoT devices. Through the unique and invalid devices, DV accurately identified the fraudsters’ source for extracting their spoofed device data, catching the new variant and continuing to block its impact for customers.
“LeoTerra is continuously shifting patterns in its attempts to evade detection,” added Rosenfeld. “In the first half of 2022 alone, DV identified and flagged three new variants of the LeoTerra scheme. These three variants, including the one impersonating IoT devices, have spoofed more than 92 million devices during H1 and up to 3.5 million device signatures each day.”
Connected TV (CTV) advertisers in the US spent $14.44 billion last year on CTV¹ and, at its current pace, that number is expected to grow to $27.5 billion by the end of 2025². As revenue opportunities in CTV grow rapidly, so does the opportunity for fraud.
“Unfortunately, CTV inventory is highly susceptible to fraud,” said Mark Zagorski, CEO, DoubleVerify. “Fraud usually follows the money – particularly in environments that lack data transparency, industry standards, and technology solutions to counter it. The CTV ad ecosystem is no exception.”
As the industry has become more aware of CTV fraud’s scale and impact, DV has seen fraudsters evolve to evade detection, with more schemes mutating or changing their initial approach. To date this year, for example, DV’s Fraud Lab has caught and stopped six new SSAI variants aimed at falsifying CTV traffic.