DrainerBot fraud update: Full mobile fraud protection for IAS clients

Feb 28, 2019

What happened:
On February 20th, Oracle announced the discovery of a major mobile ad fraud operation known as DrainerBot. The bot uses malicious code from the Tapcore SDK on Android devices to deliver fraudulent and invisible video ads to the device defrauding advertisers and consuming large amounts of consumer data and draining the phone’s battery.

What you need to know:
Based on our analysis of the DrainerBot operation and the information released by Oracle and TAG last week, we can confirm that IAS clients using our fraud solution were fully protected from this attack or any related fraudulent activity.

Our team has been conducting a thorough investigation pf app activity to determine whether our clients were directly affected by the DrainerBot scheme. Our investigation showed bot activity using hidden browsers to deliver fraudulent invisible videos on spoofed URLs to mask what was happening. Those fraudulent impressions appeared in mobile web DSP inventory and not in mobile app inventory. That means we can confirm IAS clients advertising through mobile app channels were not affected by this scheme.

What we recommend:
Since mobile app inventory is not at risk, and because the same app can be available in different versions and from multiple stores, IAS does not believe those apps should be blacklisted by verification providers. Blacklisting the apps would only punish developers, who were not at fault, and deprive advertisers of an opportunity to reach many authentic users of those popular apps.

We believe that the right way to protect advertisers against the threat is to provide high quality mobile web coverage that detects fraudulent mobile web inventory. Oracle did not disclose the list of spoofed URLs, so we are limited in our ability to conduct a more detailed analysis of those specific sites. However, both hidden browsers and domain spoofing are two of the classic fraud schemes that are addressed by IAS solutions.

The infected apps are already removed by Google from its store, which is a step towards safeguarding the interest of Android users. Our Threat Lab is continuing to study this bot operation to ensure we’re aware of any additional developments. We are consistently feeding this data back to our systems to make our fraud detection models more intelligent, so we detect the abnormality in data to safeguard our clients and their investments.

From our partners at TAG
“IAS and their team of data scientists have been leaders in the fight against ad fraud for years and close partners with TAG in establishing industry standards to drive trust and transparency across the digital ecosystem,” says TAG CEO Mike Zaneis. “We applaud the IAS FraudLab for their innovative work through intensive research to stay ahead of the industry and provide comprehensive coverage to their clients against threats like the DrainerBot operation exposed last week.”

For further information, reach out to

Press Contact

If you are a member of the press and are interested in covering us, please reach out at