Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

No cookies to display.

StatCounter - Free Web Tracker and Counter
The Enterprise Guide on Innovation and Security with Generative AI

DoubleVerify Uncovers ShadowBot Scheme with 35 Million Spoofed Devices

MarTech

DV’s Fraud Lab detected amateur-level fraudster mistakes behind a $2.5M fraud operation targeting CTV and mobile inventory

DoubleVerify, the leading software platform to verify media quality, optimize ad performance, and prove campaign outcomes, released the discovery of ShadowBot, a fraudulent bot scheme that generated over 35 million spoofed mobile devices in Q1 2025 and cost unprotected advertisers an estimated $2.5 million since the start of 2025.

The DV Fraud Lab identified ShadowBot targeting mobile and Connected TV (CTV) environments using rudimentary automation techniques, including mobile emulators and spoofed app IDs. While the scheme was widespread, it was riddled with amateur-level mistakes, making it detectable for advertisers protected by DV’s advanced fraud-detection systems.

Marketing Technology Insights: Network Solutions and Web.com Consolidate to Deliver Digital Experience

“ShadowBot shows that fraud doesn’t need to be sophisticated to be costly,” said Gilit Saporta, VP Product, Fraud & Quality at DoubleVerify. “It’s alarming to see $2.5M lost to bots using resolutions of an old CRT screen we all used back in the 1990s. The fraud scheme operator didn’t even bother to match its fake device signals to a proper mobile device. We’re happy to know that DV clients remain safe, thanks to DV’s AI-powered Fraud Lab, which catches subtle deviations from normal user behavior. That’s how we uncover the most sophisticated schemes out there, as well as the easier cases like ShadowBot.”

DV Fraud Labs identified five key red flags that uncovered ShadowBot:

  1. Basic Automation Methods: ShadowBotused emulators that defaulted to screen resolutions (e.g., 800×600). This resolution is not typical for mobile devices.
  2. Overly Aggressive Traffic Generation: The operation produced abnormally high impression volumes that didn’t align with seasonal trends.
  3. Suspicious IP Activity: Fraudsters relied on anonymizing IP proxies, provided by long tail entities. The digital footprint of these proxy providers was riddled with fake testimonials, broken URLs, and known abuse reports.
  4. Lack of Behavioral Diversity: Devices showed identical impression counts, lacking the variability expected from real users.
  5. Improbable Engagement Patterns: Devices appeared to open 10 spoofed apps in just 9 minutes – behavior impossible for actual users.

“We’ve found that emerging media types, including mobile and CTV environments, are especially susceptible to fraud due to limited visibility and rapid growth,” added Lisa Toledano, who leads one of DV’s fraud detection teams. “Without consistent monitoring and adaptation, these high-value environments become easy targets. Protecting ad spend from these types of schemes requires an always-on approach.”

Marketing Technology Insights: Coupa Powers Spend Efficiency at Sprout Social

“As the digital ecosystem continues to scale through automation, the emergence of sophisticated fraud schemes like ShadowBot reinforces the critical importance of transparency, quality, and accountability in media,” said Wayne Tassie, Group Director – Netherlands, DoubleVerify. “Safeguarding advertisers from spoofed environments is not just technically challenging for DV, it is fundamental to maintaining trust, protecting brand equity, and upholding investment integrity for our customers and partners. In an increasingly complex and fragmented landscape, brands rely on us to ensure their media investments deliver genuine impact, fostering long-term, mutually beneficial partnerships and reciprocal advocacy.”

The DV Fraud Lab continues to monitor and shut down evolving fraud schemes across the open web, mobile apps, and streaming environments. With proprietary analytics tools, impression-level monitoring, and a global fraud lab, DV endeavors to ensure that brands and agencies can confidently protect their media investments.

Marketing Technology Insights: Bluegrass Network Selects Vonage to Elevate Customer Communication

Source – Businesswire

For media inquiries, you can write to our MarTech Newsroom at sudipto@intentamplify.com

Share With
Contact Us
StatCounter - Free Web Tracker and Counter