Shadowbots expose fault lines in digital ad supply chain

New Delhi: AI-optimised targeting and attention-based metrics aren’t new to the digital advertising world, but a startling discovery has exposed just how fragile the foundations still are. 

Recently, DoubleVerify uncovered a massive botnet operation, codenamed ShadowBot, that spoofed over 35 million mobile devices and drained $2.5 million from advertiser budgets in just the first quarter of 2025. Even more unsettling is how unsophisticated the scheme was.

DV’s Fraud Lab identified ShadowBot as targeting mobile and Connected TV (CTV) inventory using automation tactics such as mobile emulators and falsified app IDs. Despite its broad impact, the operation included several detectable errors.

ShadowBot’s fatal flaws

ShadowBot relied on outdated Android emulators, spoofed app IDs, and anonymising proxy IPs riddled with abuse flags. DV’s Fraud Lab uncovered the operation by identifying a series of amateur but effective tactics: bulk traffic from default emulator resolutions (800x600), identical behaviour across “devices”, abnormally high ad impressions that defied seasonal logic, and impossibly fast app-switching patterns. In one example, a single fake device cycled through ten apps in nine minutes.

Despite these glaring flaws, ShadowBot managed to remain undetected across parts of the open web. “We’re talking about bots using the resolution of a 1990s CRT monitor and still managing to make millions. That's the wake-up call,” said Gilit Saporta, VP of Product, Fraud & Quality at DoubleVerify.

Experts sound alarm

Amit Relan, CEO & Co-Founder, MfilterIt warned ShadowBot as part of a wider and more dangerous trend. “The recent discovery of the ShadowBot operation serves as a reminder that even relatively simple fraud tactics can lead to significant financial exposure. But it also raises a larger issue: many of the more complex, less visible fraud mechanisms continue to operate without detection, quietly impacting marketing performance at scale. Today’s sophisticated fraud doesn’t just affect impressions or clicks; it often distorts the entire funnel. From skewed engagement metrics to invalid installs and low-quality conversions, this type of activity can mislead optimisation efforts and artificially inflate customer acquisition costs.”

“As the industry sharpens its focus on new metrics like attention and engagement, it's critical to ensure these signals are rooted in validated, human-led interactions. Otherwise, there’s a risk of building strategies on compromised foundations. The conversation needs to shift from surface-level fraud detection to a more comprehensive understanding of how invalid traffic and manipulated signals affect marketing efficiency and business outcomes over time," Relan said.

As per Prashant Puri, CEO of AdLift, programmatic remains the softest target. “Programmatic is most vulnerable due to scale, but mobile and CTV are also targeted because of high CPMs and weaker controls.”

While ShadowBot’s tactics may seem crude, experts agree it’s only a glimpse of what’s ahead. “This is just the beginning. ShadowBot was low-tech, but AI-driven bots are already emerging. Staying ahead will require equally advanced detection technologies, and advertisers must work with partners who use advanced pre- and post-bid verification, device-level validation, and behavioural analysis. Regular audits and third-party fraud monitoring are essential,” said Puri.

AdLift isn’t alone in sounding the alarm. Arjit Sachdeva, Co-founder and CTO, VDO.AI, said ShadowBot may have been unsophisticated, but it succeeded because the industry continues to operate in fragmented, often blind systems. Hence, fraud prevention can no longer be a siloed, reactive function. It must be embedded into every layer of the ad ecosystem. From standardised frameworks like app-ads.txt and sellers.json to collaborative signal sharing and aligned incentives, the industry must act in unison. “We don't believe this is a battle any company can fight alone. We’re actively sharing threat intelligence with our partners in real time and encourage broader collaboration across the ecosystem. Pre-bid filtering and industry alliances are a good foundation, but to truly outpace bad actors, we need a collective, intelligence-led approach that’s agile, AI-native, and constantly learning.”

“Fraud prevention begins at the platform level, but it cannot end there. In a connected ecosystem like digital advertising, fraud thrives in the cracks: between supply paths, across misaligned systems and in the absence of real-time collaboration. No matter how sophisticated a platform’s internal defences are, they will always face limitations if those efforts operate in silos,” Sachdeva added.

So, who benefits from such fraud?

According to Sachdeva, the real enablers of fraud are the opaque multi-hop supply chains that reward scale over quality. “Fraudsters themselves, and the unscrupulous publishers or resellers at the edge of the ecosystem, clearly profit when the chain is opaque. This broken model exists because opaque, multi‑hop paths reward quantity over quality. With no single party owning the accountability, every stop along the chain quietly takes its cut while advertisers absorb the loss,” he noted.

The takeaway 

The uncovering of ShadowBot is not just a fraud alert; it’s a referendum on the future of digital advertising. “As the digital ecosystem continues to scale through automation, the emergence of sophisticated fraud schemes like ShadowBot reinforces the critical importance of transparency, quality, and accountability in media,” said Wayne Tassie, Group Director, Netherlands at DV.

“Safeguarding advertisers from spoofed environments is not just technically challenging; it is fundamental to maintaining trust and investment integrity,” Tassie added.

Experts agree on a few essentials to fortify the digital advertising ecosystem against evolving threats. Behavioural intelligence, powered by real-time, AI-driven analysis, must become the new baseline for fraud detection. Cross-platform vigilance is equally critical, with CTV, mobile, and programmatic environments requiring always-on monitoring and deeper contextual scrutiny. 

The industry must also embrace radical transparency through widespread adoption of IAB frameworks and open standards like OpenRTB. Finally, ecosystem-wide collaboration, including real-time fraud signal sharing and aligning incentives around verified, high-quality media, will be essential to restoring trust and outpacing increasingly sophisticated fraud operations.