DoubleVerify flags mobile, CTV ad fraud causing $2.5 million losses


Social Samosa

DoubleVerify (NYSE: DV), a software platform for media verification and ad performance optimisation, has identified a fraudulent bot scheme named ShadowBot that spoofed over 35 million mobile devices in the first quarter of 2025, leading to estimated losses of $2.5 million for unprotected advertisers.

According to DoubleVerify’s Fraud Lab, ShadowBot targeted mobile and Connected TV (CTV) environments using basic automation tactics such as mobile emulators and fake app identifiers. Although the operation was widespread, it was marked by unsophisticated errors that made detection easier for advertisers using DV’s protection systems.

“ShadowBot shows that fraud doesn’t need to be sophisticated to be costly,” said Gilit Saporta, VP Product, Fraud & Quality at DoubleVerify. “It’s alarming to see $2.5M lost to bots using resolutions of an old CRT screen we all used back in the 1990s. The fraud scheme operator didn’t even bother to match its fake device signals to a proper mobile device. We’re happy to know that DV clients remain safe, thanks to DV’s AI-powered Fraud Lab, which catches subtle deviations from normal user behaviour. That’s how we uncover the most sophisticated schemes out there, as well as the easier cases like ShadowBot.”

Five key indicators that exposed the scheme

Basic Automation Methods: The bot used emulators with outdated screen resolutions, such as 800x600, atypical for modern mobile devices.

Overly Aggressive Traffic Generation: The operation generated a high volume of impressions not aligned with seasonal norms.

Suspicious IP Activity: The use of anonymised IP proxies from obscure providers showed signs of abuse, including fake testimonials and broken URLs.

Lack of Behavioural Diversity: Devices showed identical impression counts, lacking the variation associated with genuine user behaviour.

Improbable Engagement Patterns: Devices reportedly opened 10 spoofed apps in nine minutes—an unrealistic pattern for actual users.
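
Three of the indicators above (the 800x600 resolution, identical impression counts, and 10 apps opened in nine minutes) can be written as checks over impression records. The Python below is an added example, not DoubleVerify's detection logic; the record fields, the `MIN_CLUSTER` threshold and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Thresholds taken from the indicators above; the cluster size is an assumption.
LEGACY_RESOLUTIONS = {(800, 600)}        # CRT-era size reported by "mobile" devices
MAX_APPS, WINDOW_SECONDS = 10, 9 * 60    # 10 apps opened within nine minutes
MIN_CLUSTER = 3                          # assumed: devices sharing one exact count

def app_burst(events):
    """True if MAX_APPS distinct apps appear inside any WINDOW_SECONDS span."""
    events = sorted(events)              # (timestamp, app_id) pairs
    start, seen = 0, Counter()
    for ts, app in events:
        seen[app] += 1
        # Slide the window start forward until it spans at most WINDOW_SECONDS.
        while ts - events[start][0] > WINDOW_SECONDS:
            old = events[start][1]
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
            start += 1
        if len(seen) >= MAX_APPS:
            return True
    return False

def flag_devices(impressions):
    """impressions: dicts with device_id, ts (epoch seconds), app_id, width, height."""
    by_device, reasons = defaultdict(list), defaultdict(set)
    for imp in impressions:
        by_device[imp["device_id"]].append((imp["ts"], imp["app_id"]))
        if (imp["width"], imp["height"]) in LEGACY_RESOLUTIONS:
            reasons[imp["device_id"]].add("legacy_resolution")
    # Lack of behavioural diversity: several devices with the same impression count.
    count_freq = Counter(len(e) for e in by_device.values())
    for dev, events in by_device.items():
        if app_burst(events):
            reasons[dev].add("app_burst")
        if count_freq[len(events)] >= MIN_CLUSTER:
            reasons[dev].add("identical_count")
    return {dev: sorted(r) for dev, r in reasons.items()}

# Constructed sample: three emulated devices and one ordinary phone.
SAMPLE = [{"device_id": f"bot{b}", "ts": 1000 + 50 * i, "app_id": f"app{i}",
           "width": 800, "height": 600} for b in range(3) for i in range(10)]
SAMPLE += [{"device_id": "phone1", "ts": 1000 + 600 * i, "app_id": f"app{i % 2}",
            "width": 1080, "height": 2400} for i in range(4)]

if __name__ == "__main__":
    for device, why in sorted(flag_devices(SAMPLE).items()):
        print(device, why)
```

On real traffic, low impression counts collide by chance, so the identical-count check is only meaningful with a minimum count or alongside the other signals.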

“We’ve found that emerging media types, including mobile and CTV environments, are especially susceptible to fraud due to limited visibility and rapid growth,” said Lisa Toledano, who leads one of DV’s fraud detection teams. “Without consistent monitoring and adaptation, these high-value environments become easy targets. Protecting ad spend from these types of schemes requires an always-on approach.”

Wayne Tassie, Group Director – Netherlands at DoubleVerify, added: “As the digital ecosystem continues to scale through automation, the emergence of sophisticated fraud schemes like ShadowBot reinforces the critical importance of transparency, quality, and accountability in media. Safeguarding advertisers from spoofed environments is not just technically challenging for DV, it is fundamental to maintaining trust, protecting brand equity, and upholding investment integrity for our customers and partners. In an increasingly complex and fragmented landscape, brands rely on us to ensure their media investments deliver genuine impact, fostering long-term, mutually beneficial partnerships and reciprocal advocacy.”

 
