Experts Find Botnet Disguised as Millions of People Watching TV

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

Illustration for article titled Researchers Take Down Botnet Pretending to Be Millions of People Watching TV

Photo: Justin Sullivan (Getty Images)

Fraudsters operate off the assumption that it’s way more profitable to think up byzantine ways to cheat people out of money than it is to just, like, work hard and ask for a promotion occasionally. For instance: an Israeli tech company is currently accused of using a very convoluted method to screw advertisers out of buttloads of cash by pretending to be a bunch of people watching TV.

TopTop Media, a subsidiary of Tel Aviv-based M51 Group, bills itself as a tech company focused on solutions for app developers and advertisers. It promises to employ “real-time optimization and user profiling” in order to leverage data it gathers from its “ongoing media acquisition activities” and, you know, deliver profits somewhere in there. However, according to new research from security firm HUMAN, TopTop’s “solutions” are less than desirable.

In an elaborate scheme, the company allegedly created 29 malicious Android apps and then snuck them into the Google Play Store and third-party stores, managing to quietly infect close to a million devices with malware. The infected devices were then allegedly used to build an ever-growing botnet that fraudulently spoofed connections to streaming-TV platforms all over the world, thereby generating illegitimate ad revenue.

In other words, like other ad fraud, the scheme sought to bilk elements of the advertising ecosystem that pay for the opportunity to show ads to consumers. Because advertisers will pay streaming apps for the opportunity to use their platforms to display ads, generating the appearance of being an app like this can get you, in the immortal words of Dire Straits, money for nothing. Thus TopTop’s malicious apps used spoofing sorcery to fool ad exchanges into believing they were just such streaming apps, active on smart TV products from Apple, Amazon, Google, and others— thereby generating the appearance of “millions of people watching ads on smart TVs and other devices,” researchers say. 

The dozens of apps involved in the alleged scam all linked back to the same command and control server. While designed to appear harmless (such as the innocuous-looking flashlight app pictured…