DoubleVerify exposes ViperBot, a new international fraud scheme

Mark Zagorski, Chief Executive Officer at DoubleVerify

DoubleVerify, (NYSE: DV), a software platform for digital media measurement, data and analytics, announced the discovery of ViperBot, a sophisticated advertising fraud scheme that has made attempts to steal over $8 million each month in ad spend across two of the industry’s most in-demand channels: connected television (CTV) and mobile video.

Are DoubleVerify’s clients safe from ViperBot?

Through ViperBot, fraudsters strip the code that verifies ad impressions and then redirect this code through real devices to hide the fraudulent activity in an attempt to go undetected.

While DV clients are currently protected from the scheme, it continues to spoof more than five million devices and up to 85 million ad requests per day, undercutting ad investments and performance when solutions that can protect against ViperBot are not implemented.

“ViperBot is one of the most sophisticated fraud schemes that DV has ever identified. The dynamic nature of fraud schemes underscores the fact that advertisers need a partner who is laser focused – and who operates independent of the media transaction to remain neutral when determining the quality of inventory,” said Mark Zagorski, CEO at DoubleVerify.

“Efficient media buying leads to better outcomes for brands. By uncovering ViperBot, we are able to give brands greater confidence in their investment while ensuring performance.”

What did DoubleVerify discover about ViperBot?

ViperBot relies on both the occurrence of verification stripping and verification redirection. Verification stripping is the removal of verification tags set by a measurement provider.

As this normally causes measurement discrepancies, fraud schemes that rely on verification stripping can regularly be identified by advanced measurement companies. DoubleVerify (DV), for example, has protected its customers against verification tag fraud for years.

With ViperBot, fraudsters have taken verification stripping to the next level. Fraudsters are not only removing verification tags from the ad being delivered – they are also reinserting them inside of cheap ad slots running on real devices in an attempt to prevent detection.

This makes it difficult for unsuspecting measurement providers to recognise the fraudulent activity. Upon identifying the new tactic, DV blocked the falsified impressions and ad requests. Although ViperBot ultimately affected verification tags from all verification providers, DV quickly detected and mitigated the scheme – ensuring protection for DV customers.

“As fraudsters continue to evolve and aggressively target high-value inventory types, measurement providers need to catch up. We’re seeing this happen in CTV and mobile inventory, where higher CPMs make it a more attractive target, but this new redirection tactic can be applied across many environments,” said Jack Smith, CPO, DoubleVerify.

DV’s tech is powered by the DV Fraud Lab, a team of data scientists, mathematicians and analysts from the cyber-fraud prevention community. The Fraud Lab relies on a variety of approaches to detect fraud — from AI and machine learning to manual review.

“The DV Fraud Lab is singularly focused on detecting, neutralising and mitigating new threats, giving advertisers much-needed campaign protection and performance. This is in service of our overall mission – to build a better advertising ecosystem for everyone,” added Zagorski.

To help educate and inform the broader industry of the ViperBot discovery and discuss mitigation, advertisers, publishers and platform partners can view DV’s findings here.