Ad Fraudsters Exploited Grindr In A Scheme Targeting Roku Apps

In just the past three weeks, Grindr, the popular gay dating app, has been slammed by the Norwegian Consumer Council for exposing users' personal information, suspended from Twitter's ad network as a result of that investigation, and alleged to have been the way a Michigan hairstylist met the man who brutally murdered him.

Adding to those concerns is new research showing that the company's Android app was exploited by ad fraudsters in a scheme that stole money from advertisers — and drained the phone batteries and depleted the data plans of Grindr's users.

Amin Bandeali, CTO of Pixalate, the Palo Alto ad fraud detection firm that identified the scam, said Grindr was likely targeted because of its large user base.

“If I'm a fraudster, I would love to target an app that has a lot of user engagement. These dating apps — users are on them constantly,” he told BuzzFeed .

Along with Grindr, the scheme exploited Roku apps and devices. Brands are projected to spend $7 billion this year to show ads on connected devices, like Roku, and over-the-top media services, which are streaming platforms like Hulu. Yet close to a quarter of that money will be stolen by fraudsters, according to data from Pixalate.

“This scheme is just one example in the universe of [over-the-top] fraud,” Pixalate CEO Jalal Nasir told BuzzFeed News. Pixalate dubbed the scheme “DiCaprio” after seeing that word used in a file containing some of the malicious code.

“DiCaprio is one of the most sophisticated OTT ad fraud schemes we have seen to date,” Nasir said.

A Grindr spokesperson told BuzzFeed News the company wasn't aware of the scheme prior to being contacted for this story but was “taking steps to address it and are continually working to implement new strategies to protect our users.”

“Grindr is committed to creating a safe and secure environment to help our community connect and thrive. Any fraudulent activity is a clear violation of our and conditions and something we take very seriously,” the spokesperson said.

Tricia Mifsud, Roku's vice president of communications, said brands need to take steps to protect themselves when they purchase OTT ads using open exchanges rather than buying direct from publishers or platforms.

“We recommend that OTT ad buyers buy directly from Roku or publishers on the platform. When buying from other sources and especially open exchanges, the buyer may be better served to use technology that can help with verifying the source of the ad requests,” she said.

Ad spoofing

Here's how the scheme worked: A normal banner ad was bought on Grindr's Android app. The fraudsters then attached code that disguised the Grindr banner ad to look like a Roku video ad slot. This fake ad space was sold on programmatic advertising exchanges, the online marketplaces where digital ads are bought and sold. Making one ad unit look like another is called spoofing, and it has been a problem for years. This attack is similar to one revealed by BuzzFeed News and detection firm Protected Media last year. In both cases, cheap banner ads were used to resell more expensive video ads.

Nasir said this kind of video ad can cost as much as 25 times that of a mobile banner ad: “So that's very lucrative for someone to make quick money — and a lot of it.”

These video ads did not appear in the Roku app and were never seen by humans. But the ad tech middleware vendors who facilitated the ad placement still took their cuts.

CEO Nadav Slutzky denies involvement, telling BuzzFeed News this type of spoofing has occurred on his ad platform in the past and that he has refunded advertisers when fraud was detected.

“In August 2019, one of our advertisers brought to our attention that some of the traffic we were sending him was suspected of being fake. We immediately worked to locate the traffic sources and stopped working with this supply, in addition to not paying them for this traffic,” he said. “We do everything in our power to battle fraudulent traffic including using third-party verifications tools. We as a mediator have suffered the most from this kind of activity and will do anything in our power to stop it, including developing inside tools to fight this.”

Slutzky said the section of code referencing AdservME, and the use of an Austaras banner, was standard code used by his company and was copied by the fraudsters.

Slutzky said that the DiCaprio fraudsters, whom he could not identify, chose to spoof his SnowTV apps because they appealed to advertisers.

He said his company “spent countless hours building our apps and marketing them to get them to a place we are proud of. The fact that they are whitelisted by many advertisers made them a target for whoever wrote the code you showed me.”

The malicious code was hosted on alefcdn.com, a that was taken offline within minutes of BuzzFeed News emailing Slutzky, Grindr, and SpringServe, a company exploited by the scheme. Slutzky said his company does not own alefcdn.com and that the code is not his.

“This code is not our code — it's the first time I'm seeing this code,” he said. He said alefcdn.com was offline when he tried to visit it.

“Upon receipt of the recent information provided by BuzzFeed and our own internal investigation, SpringServe has concluded that the activity in question was highly suspect and has immediately suspended this company from utilizing its platform,” SpringServe CTO David Buonasera told BuzzFeed News. “This issue underscores the need for greater industry communication and cooperation to prevent invalid inventory.”

Slutzky said any suspicious activity on its SpringServe account was the result of someone misusing his company's service.

“We serve billions of requests a day on our ad servers. It's unavoidable that as a middleman a portion of this will be fraudulent. We do everything in our power to avoid this and stop this,” he said.

Nasir, Pixalate's CEO, said the DiCaprio scheme highlights how a lack of standards and measurements for ads on internet-connected TVs and over-the-top services has let bad actors run wild.

“This makes it the right breeding ground for a fraudster to come and exploit, even with minimal effort,” he said.

Leave A Reply

Your email address will not be published.