First reported in April, Pareto is one of the biggest recent discoveries of a huge botnet that was made of compromised Android devices.
The scoop
Dubbed Pareto CTV botnet, the botnet was made of almost a million infected Android devices and imitated the activity of millions of people watching ads on their smart devices. The botnet-based fraud operation managed to generate nearly 650 million ad requests on an average each day.
Why does it matter?
The campaign was extremely elusive in 2020 and took advantage of the digital shift caused by the pandemic. It hid in noises and tricked technology platforms and advertisers into believing that ads were being displayed in connected TVs (CTVs). Moreover, the operators implemented sophisticated evasion tactics by constantly changing their spoofing techniques to design new guises for fake traffic.
What else?
Another different and yet connected operation was spotted on the Roku platform.
Approximately 36 apps on Roku Channel Store received instructions from the same C2 server that was operating nodes in Pareto.
Although these apps operated in the same fashion as the Pareto apps, it was quite smaller than the Android-focused campaign.
The bottom line
Although Google, Roku, Magnite, Omnicom Media Group, and The Trade Desk have taken down Pareto, the campaign makes us think about the evolving sophistication and scale of cybercrime operations. CTV offers brands and streaming services with massive opportunities to engage with customers through content. Thus, it is imperative that CTV brands come together to strengthen the collective cybersecurity posture to prevent such frauds.