DoubleVerify, a software platform to verify media quality, optimise ad performance, has released the discovery of ShadowBot, a fraudulent bot scheme that generated over 35 million spoofed mobile devices in Q1 2025 and cost unprotected advertisers an estimated $2.5 million (€2.1m) since the start of the year.

The DV Fraud Lab identified ShadowBot targeting mobile and Connected TV (CTV) environments using rudimentary automation techniques, including mobile emulators and spoofed app IDs. While the scheme was widespread, it was riddled with amateur-level mistakes, making it detectable for advertisers protected by DV’s advanced fraud-detection systems.

“ShadowBot shows that fraud doesn’t need to be sophisticated to be costly,” said Gilit Saporta, VP Product, Fraud & Quality at DoubleVerify. “It’s alarming to see $2.5 million lost to bots using resolutions of an old CRT screen we all used back in the 1990s. The fraud scheme operator didn’t even bother to match its fake device signals to a proper mobile device. We’re happy to know that DV clients remain safe, thanks to DV’s AI-powered Fraud Lab, which catches subtle deviations from normal user behaviour. That’s how we uncover the most sophisticated schemes out there, as well as the easier cases like ShadowBot.”

DV Fraud Labs identified five key red flags that uncovered ShadowBot:

1. Basic Automation Methods: ShadowBot used emulators that defaulted to screen resolutions (e.g., 800×600). This resolution is not typical for mobile devices.
2. Overly Aggressive Traffic Generation: The operation produced abnormally high impression volumes that didn’t align with seasonal trends.
3. Suspicious IP Activity: Fraudsters relied on anonymising IP proxies, provided by long tail entities. The digital footprint of these proxy providers was riddled with fake testimonials, broken URLs, and known abuse reports.
4. Lack of Behavioural Diversity: Devices showed identical impression counts, lacking the variability expected from real users.
5. Improbable Engagement Patterns: Devices appeared to open 10 spoofed apps in just 9 minutes – behavior impossible for actual users.

“We’ve found that emerging media types, including mobile and CTV environments, are especially susceptible to fraud due to limited visibility and rapid growth,” commented Lisa Toledano, who leads one of DV’s fraud detection teams. “Without consistent monitoring and adaptation, these high-value environments become easy targets. Protecting ad spend from these types of schemes requires an always-on approach.”

“As the digital ecosystem continues to scale through automation, the emergence of sophisticated fraud schemes like ShadowBot reinforces the critical importance of transparency, quality, and accountability in media,” added Wayne Tassie, Group Director – Netherlands, DoubleVerify. “Safeguarding advertisers from spoofed environments is not just technically challenging for DV, it is fundamental to maintaining trust, protecting brand equity, and upholding investment integrity for our customers and partners. In an increasingly complex and fragmented landscape, brands rely on us to ensure their media investments deliver genuine impact, fostering long-term, mutually beneficial partnerships and reciprocal advocacy.”

Other posts by :

1. SpaceX’s Starship to try again in August
2. Starlink sees “amazing growth”
3. The Advanced Television Podcast
4. India’s Ananth Tech challenges Musk, Bezos et al
5. Macron urges UK to commit to space investment
6. Bank upgrades AST SpaceMobile
7. Could Amazon buy into AST SpaceMobile?
8. Orbex in trouble?
9. Musk planning investment in South Africa

Categories: Articles, Mobile

Tags: CTV, DoubleVerify, fraud, mobile