mFilterIt identifies a BOT, coded at ‘FaDe’, triggers invalid traffic & impacts advertisers

Coronavirus already has impacted the growth and revenue of the digital marketing industry. This includes marketing campaign and other activities to attain new users and maintain the existing one for apps and other digital services. In India, where a huge chunk of the population, more than 500 million users use smartphones to accomplish various tasks, thus which is why marketing companies are adopting mobile-first strategies.

So, while this pandemic period, the mFilterIt, a global fraud detection and prevention company has monitored and validates 150 million events a month, where it has discovered a BOT, that generates sophisticated invalid traffic (SIVT); this has been coded at ‘FaDe’ (Leveraging lean period in Smartphone sales, FaDe is being used to get new installs for advertisers). Thus, at least 6 large advertisers impacted as indicated by early results.

The key thing which noticed by the mFiltrIt, is this bot surge the organic traffic of the advertisers but because it has been coded incorrectly resulting in many (roughly 40%) installs being tracked as organic (instead of inorganic, which would generate revenue for the publisher).

This 40% resulted in organic traffic spiking for different advertisers, but with resulting transaction/install ratio’s taking a dip (since this bot was able to drive installs but not able to reach up to subscriptions). As per quick estimates, the BOTs would have already wasted around Rs 10 million each within a 15 day period of the identified advertisers.

The key trends analyzed include: –

  • The inorganic installs mainly detected in 4 smartphone brands Samsung, Xiaomi, Asus and Sony. These are not real users but BOTs simulating fake devices of these particular Smartphone brands.
  • A smaller ratio of the installs, in the effort to diversify the brands, are happening on Smartphones which are either not sold anymore or sell very less. Prominent among them include Micromax, Swipe, and iKall.
  • The new users are signing up on the app version which was launched in January by one of the advertisers. They had a couple of refreshes since then and the latest version was upgraded in April. However, the new signups of May from this bot were still happening on the January app version. The BOT was faking registrations as well as installs.
  • The signups from specific Smartphone models are from 3-4 generations old OS version as compared to what the brands are currently shipping their devices with.
  • In each case, the BOT used these to exploit the lower security available on these Android releases to run itself.
  • The BOT tries to balance and diversify itself and hence evades detection when using manual thumb rules or attribution platform checks.