PARETO CTV botnet discovered by HUMAN, Google and Roku

The botnet's sophisticated fraud operation involved nearly one million infected mobile devices impersonating millions of connected TV products and hundreds of billions of fake advertising requests.

PARETO, a highly sophisticated botnet focused on defrauding the Connected TV (CTV) advertising ecosystem, has been discovered by HUMAN (formerly White Ops), together with the newly formed Human Collective, Google and Roku.

HUMAN is a cybersecurity company that protects enterprises from bot attacks to keep digital experiences human. The company announced the discovery on 22 April.

According to HUMAN’s release, the PARETO botnet consists of nearly a million infected Android mobile devices pretending to be millions of people watching ads on smart TVs and other devices. The botnet used dozens of mobile apps to impersonate or spoof more than 6,000 CTV apps, accounting for an average of 650 million ad requests every day.

HUMAN’s Satori Threat Intelligence and Research Team found the PARETO operation in 2020 and has been working with the HUMAN team to prevent its impact on clients ever since. The operation is named for the Pareto Principle, an economics concept that holds that 80% of the impact in any given situation is carried out by only 20% of the actors.

“CTV provides massive opportunities for streaming services and brands to engage with consumers through compelling content and advertising,” said HUMAN CEO and Co-Founder Tamer Hassan. “Because of this opportunity, it is incredibly important for the CTV ecosystem and brands to work together through a collectively protected advertising supply chain to ensure fraud is recognised, addressed and eliminated as quickly as possible.”

The PARETO botnet worked by spoofing signals within malicious Android mobile apps to impersonate consumer TV streaming products running Fire OS, tvOS, Roku OS, and other prominent CTV platforms, HUMAN said in its statement. The botnet took advantage of digital shifts that were accelerated by the pandemic, hiding in the noise in order to trick advertisers and technology platforms into believing ads were being shown on CTVs. This approach is lucrative for fraudsters, as pricing for ads on connected TVs is often substantially higher than pricing on mobile devices or on the web.