Essential Insights
- The NewsJunkie operation generated nearly two billion invalid CTV bid requests daily by spoofing device, app, and IP details, exploiting gaps in JavaScript-less CTV environments.
- Attackers used server-side spoofing and routing through residential IPs to mimic genuine household devices, evading origin-based detection.
- The scheme demonstrates that sophisticated ad fraud can blend seamlessly into legitimate supply chains, highlighting the need for full supply chain visibility to prevent such threats.
Threat, Techniques, and Targets
HUMAN Security’s Satori team uncovered a threat called NewsJunkie. It disrupted a complex scheme targeting connected TV (CTV) advertising. The attackers used different techniques to create fake high-volume bid requests. They spoofed device, app, and IP details through server-side scripting called SSAI. This made the traffic look like real household devices watching TV. The hackers also routed some traffic through residential IP addresses with forged CTV device info. This helped them avoid detection based on the source of traffic. The attack targeted the digital advertising supply chain. It aimed to flood the system with fake impressions appearing to come from genuine households. At its peak, NewsJunkie generated nearly two billion invalid CTV bid requests per day per seller.
Impact, Security Implications, and Remediation Guidance
The scheme caused massive amounts of invalid traffic in CTV advertising. This pollutes the supply chain and complicates campaign measurement. It also increases the risk of ad fraud, wasting ad budgets, and damaging trust in advertising data. The complexity of CTV environments makes detection difficult because many bid requests are server-side and lack JavaScript signals. The use of evasion tactics like residential IPs worsens the problem. As a result, organizations face a serious security challenge. They need full visibility into the entire ad transaction chain. If you suspect similar threats, you should consult your ad tech vendor or security authority for specific remediation steps. HUMAN Security’s researchers have disrupted NewsJunkie and recommend working with trusted partners to monitor for future adaptations.
Discover More Technology Insights
Dive deeper into the world of Cryptocurrency and its impact on global finance.
Explore past and present digital transformations on the Internet Archive.
ThreatIntel-V1
