Study: 1 in 100 ad impressions come from malicious source

Dive Brief:

• About 1 in 100 ad impressions comes from a malicious or disruptive ad, a problem that’s magnified when internet users download several web pages during a single browsing session, according to findings from a new study by anti-malware software company Confiant shared with Marketing Dive.
• The worst sell-side platforms (SSPs) are 67 more times as likely to deliver a malicious or disruptive ad than average. More than 60% of in-banner video ads and security issues came from just three SSPs, per Confiant. SSPs typically aim to get the highest bids from advertisers in programmatic auctions of remnant ad inventory.
• Despite the occurrence of malicious ads, Confiant saw a drop in ad violation rates from Q4 2018 to Q1 2019. Confiant’s “Demand Quality Report for Q1 2019” benchmarks demand-quality issues such as malicious ads, low-quality ads and in-banner video ads to better protect the reputation, revenue and resources of advertisers.

Dive Insight:

Nefarious ad activity continues to dog marketers as perpetrators of ad fraud will cost them about $5.8 billion this year, per a report from the Association of American Advertisers (ANA). Confiant observed several trends for malicious or disruptive ads, including significant jumps in activity on three-day weekends. The company saw the biggest spike in malicious ads in Q1 over President’s Day weekend in February.

Last month, Confiant attributed a jump in fraudulent activity to eGobbler, a threat first seen during Thanksgiving, that exploited a vulnerability in the Chrome for iOS mobile browser to redirect iPhone and iPad users to adware, scams and other malicious sites. The bug let malicious code hidden in online ads to break out of sandboxed iframes, a technology to load ad slots, and redirect a mobile user to another site or show a popup in front of a real site. EGobbler generated about 500 million impressions while trying to redirect iOS users to malicious sites, Confiant said. The company reported the bug to Google for a fix. EGobbler, VeryMal and ScamClub are the worst offenders in “malvertising” campaigns, according to Confiant.

Media reports exposing mobile ad-fraud schemes have raised awareness among marketers that their ad buys are vulnerable. The number of fraudulent apps surged by 159% in 2018 from the prior year, per marketing measurement firm DoubleVerify. The IAB Tech Lab has worked to tackle mobile ad fraud by harnessing the collective expertise of technicians from wireless carriers, brands, ad agencies and programmatic ad platforms. In March, the group released the final version of its app-ads.txt specification for implementation among mobile ad platforms, and PubMatic began enforcing the standard soon after. As more apps adopt the standard, invalid traffic (IVT) rates likely will decline.