DoubleVerify has identified a new Connected TV (CTV) advertising fraud scheme, dubbed “SmokeScreen,” which caused screensavers to hijack CTV devices to generate impressions — even when the screen is off.
Once an end-user installs the fraudsters’ malicious screensaver, SmokeScreen generates impressions en masse using falsified data and allowing the bad actor to continuously run impressions in the background.
SmokeScreen operates various fraudulent apps that offer screensavers to users. Although the users themselves
are downloading these apps, they are unaware that the screensavers provided through the apps are being
employed to falsify ad traffic.
SmokeScreen primarily targets users with external CTV devices. These devices are not built into the CTV console and, therefore, require a separate power source from the screen/TV itself. Even after a user has turned their TV
screen off, the CTV device remains on. Because of this, SmokeScreen is able to continue serving ads after a user
has stopped watching their device.
The user has no idea ads are being continuously served on the device, even when the CTV screen is off. On average, the typical hijacked device generates three times the impression volume of its legitimate counterpart.
While DV has neutralized SmokeScreen for its clients and partners the scheme remains active on unprotected CTV platforms and advertiser campaigns, impacting nearly 10,000 devices daily and generating up to 10 million fraudulent requests each day. At an average of $20 CPM across CTV, each month SmokeScreen generates more than 300 million ad requests, valued at over $6 million — defrauding advertisers and publishers alike.
“CTV ad fraud doesn’t just impact advertisers,” said Roy Rosenfeld, Head of DV’s Fraud Lab. “It’s harmful for the entire ecosystem — siphoning revenue from high-quality CTV publishers and app developers, as well as streaming platforms.”