This week, a BuzzFeed News investigation (yes, they do that now) uncovered a sophisticated mobile ad fraud scheme involving hundreds of Android apps accounting for more than 100 million installs.

According to BuzzFeed reporter, Craig Silverman, a shady company called We Purchase Apps reached out to him and acquired one of his apps.  It later turned out that We Purchase Apps was responsible for potentially hundreds of millions of dollars in mobile ad fraud, which was funneled to a network of shell companies across Israel, Serbia, Germany, Bulgaria, and Malta.

One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app’s human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News’ request.

BuzzFeed News

BuzzFeed news claims the apps were purchased in order to track the behaviour of an app’s user base, which was then mimicked by a network of bots that were programmed to appear like organic users.

Millions of dollars in mobile ad revenue was allegedly generated by We Purchase Apps’ portfolio of apps, and this is just the tip of the iceberg for mobile ad fraud.

This particular fraud scheme was uncovered by data scientists at Pixalate, who discovered that mobile app MegaCast was sending ad requests with fake App IDs in order to attract higher bids. This meant ad buyers thought they were buying ads in far more popular apps when in reality they were showing up in MegaCast.

Pixalate released their findings in June of 2018 via this blog post, which claims that MegaCast alone was generating $75 million per year in fraudulent ad revenue.

BuzzFeed’s original reporting is far more in-depth, naming company owners, employees, and even mentions conversations with insiders with knowledge of the scheme.