Brazilian Ad Fraud Network Camu Hits 2B+ Daily Bid Requests

The global Internet helps just about everything to scale more easily, including piracy and ad fraud.

Earlier this year, a piracy network was fraudulently serving more than 2 billion online advertisements every day.
Camu (short for camuflagen in Portuguese), based out of Brazil,
trafficks in ad fraud
on a mass scale. At its peak earlier this year, it was processing around 2.5 billion bid requests daily across 132 domains. As HUMAN Security researchers describe in a new report, that equates to approximately the ad traffic generated by
the entire city of Atlanta, Georgia
.
HUMAN researchers have thrown a wet blanket over Camu since discovering it back in December 2023. Though its still active, its processing a measly 100 million bid requests daily.
The scheme works thanks to an entirely simple cookie-based redirection mechanism, which sends its users the movies and television shows theyre looking for, but pesky investigators to decoy sites.
Camus piracy websites offer a similar user experience to any other standard piracy or pornography sites. When a visitor arrives on the site and clicks on the content they wish to view, theyre redirected to a second domain hosting it, amid an onslaught of advertisements (so-called cashout sites).
Many of these advertisements are from perfectly honest companies that surely wouldnt want to be associated with illegal content, if they knew about it. To keep them in the dark, Camu employs a rudimentary mechanism for ensuring that only their target audience ends up on their cashout sites.
The actors in this operation are abusing a very important part of the Internet wherein a domain has the ability to load differently, depending on different parameters, explains HUMANs director of fraud operations, Will Herbig. If I go to a domain on my computer, as opposed to on my mobile phone, it might load the page differently, and thats OK. However, Camu is taking that and theyre abusing it in a way that is really hard to detect.
When a visitor to a piracy site gets redirected to a cashout site, theyre assigned a token. The token installs a cookie on their browser, which in a sense admits them to the cashout site with their content, and the ads.
Should anyone unwanted — say, a security researcher or an employee of an advertiser — arrive at the cashout domain via any other means, they would not possess that cookie, and therefore not be admitted to the site. Instead, theyd be redirected to a different, bland but ultimately innocuous site of one kind or another.
To obscure the relationships between its malicious domains and the piracy sites that serve them, Camu manipulates the information that would otherwise be transferred during the redirection process. Not only does it scrub any information alluding to the referring site, but it also adds false referral information to the landing domains URL, giving the appearance that a visitor landed there from a reputable site or search engine.
As Herbig is quick to point out, Besides Camu and
Merry-Go-Round,
were tracking seven other operations that have a smaller but similar magnitude that are doing this type of thing.
The business has always been made easy by the degree to which online ad buying is automated, with middleman exchanges programmatically trafficking inventory between legitimate advertisers and sometimes less than legitimate buyers.
Many companies only serve ads with companies that they have direct relationships with. Thats not completely foolproof, but that tends to be a safer way to do it. Herbig explains. However, he adds, the programmatic ecosystem is enormous. There are tens of thousands of publisher networks out there. Many of them are reputable, [however] there are threat actors that are trying to exploit this.
To cover for the problem introduced by middlemen ad exchanges, some advertisers turn to middlemen verification services. Unfortunately, some of these services have been shown to be
ineffective at best
.
Ad fraud continues to be
highest ever year after year
, both in
dollar amount
and percentage of ad impressions, laments independent ad fraud researcher Dr. Augustine Fou. We have a few, occasional cases like this one that expose a tiny, tiny, but representative example of ad dollars going to the wrong places, like piracy sites. But piracy sites pale in comparison to the other horrific places ads have been shown to go to.

Last News
▸ Enhancing Business Security Through Threat Intelligence ◂ Discovered: 26/12/2024 Category: security	▸ Fidelis expands in malware detection & analysis. ◂ Discovered: 26/12/2024 Category: security	▸ SMBs can enhance security via Cloud in 4 ways. ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Brazilian Ad Fraud Network Camu Hits 2B+ Daily Bid Requests