An ad fraud scam called ‘Methbot’ has allegedly been costing online advertisers up to $5 million a day


Russian hacking operation
“Methbot” impersonates established websites and simulates human
traffic using fake mouse movements.

White Ops

A sophisticated Russian hacking operation dubbed “Methbot” has
been defrauding online video advertisers by producing massive
volumes of fraudulent non-human video advertising impressions, ad
fraud detection company White Ops has exposed according
to The
Wall Street Journal

It’s the single most profitable bot operation discovered to date,
White Ops says.

Cofounder and CEO of White Ops Michael Tiffany said “we’ve
never seen anything like this. Methbot elevates ad fraud to a
whole new level of sophistication and scale.”

White Ops published
a research report
exposing the hack and it explains in great
detail how the operation profits. Here’s how it works:

  • It creates spoof versions of the URLs (website addresses) of
    premium publishers, such as,,,, and
  • These web pages contain nothing more than what is needed to
    support an ad. The publisher’s server is never contacted.
  • Methbot then uploads a video ad to the fake page and “plays”
    it through a simulated browser.
  • To generate a monetizable impression of the ad, it then
    simulates a human with a “bot” — this is how it deceives ad fraud
    companies — the bot randomly interrupts the playback using fake
    mouse movements. It also uses social login information to
    masquerade as engaged humans, and it simulates clicks “in a
    randomly generated fashion to achieve a realistic rate.”

Publishers have been paying for this non-human traffic and White
Ops calculates that it’s costing them up to $5 million a
as it fakes up to 400 million “views” of video ads
per day.

Methbot generates the impressions using 250,267 distinct URLs
across 6,111 premium distinct domains, White Ops has observed,
and it uses several techniques to fool anti-fraud companies.



Methbot is the most
profitable hacking operation to be discovered.

White Ops

White Ops’ goal is to shut down Methbot, the report says: “At
this point the Methbot operation has become so embedded in the
layers of the advertising ecosystem, the only way to shut it down
is to make the details public to help affected parties take

The company is releasing all the IP addresses known to be
connected to Methbot, a falsified domain list, and a full URL
list “to show the magnitude of impact this operation had on the
publishing industry,” it says. Advertisers, agencies, and
technology providers would then be able to block the IP
addresses, preventing the ads from appearing on Methbot’s
simulated inventory. The information will be available to
download on its

from SAI