Security News > 2021 > April > Massive Android Botnet Hits Smart TV Ad Ecosystem
Security researchers at Human Security have discovered a massive botnet of Android devices being used to conduct fraud in the connected TV advertising ecosystem.
The sophisticated mobile botnet, dubbed Pareto, is made up on nearly a million infected mobile Android devices pretending to be millions of people watching ads on smart TVs and other devices.
Human Security said the botnet used dozens of mobile apps to impersonate or spoof more than 6,000 CTV apps, accounting for an average of 650 million ad requests every day.
The Pareto botnet worked by spoofing signals within malicious Android mobile apps to impersonate consumer TV streaming products running Fire OS, tvOS, Roku OS, and other prominent CTV platforms.
Human Security researchers found that the botnet took advantage of digital shifts that were accelerated by the pandemic, hiding in the noise in order to trick advertisers and technology platforms into believing ads were being shown on CTVs. "This particular approach is lucrative for fraudsters, as pricing for ads on connected TVs is often substantially higher than pricing on mobile devices or on the web," the company said.
"That server, called a command-and-control server, sends instructions out to all of the phones that have been infected, and those phones then carry out the activity. These Roku apps, in a similar fashion to the Android-based Pareto apps, were spoofing other smart TV and consumer streaming products," according to a technical report on the botnet.