Apollo Exposed: What 400M Fake Ad Requests Reveal About Fraud
At its peak, Apollo accounted for 400 million fraudulent bid requests per day, making it the largest audio-related ad fraud scheme ever detected. But what makes Apollo especially troubling isn't just the scale—it's how convincingly it mimicked legitimate traffic, exploited supply chain blind spots, and leveraged malware-infected CTV devices to obscure its origin.
I spoke with Will Herbig, senior director for AdTech Fraud Research & Strategic Customer Analytics at HUMAN, about the research. He explained that Apollo preyed on a fundamental weakness in server-side ad insertion, the technology used to serve seamless audio and video ads without interrupting user experience. With SSAI, advertisers receive limited telemetry—often just a user-agent string and an IP address—making it an ideal environment for spoofing.
Fraudsters behind Apollo reverse-engineered the ad request flows of legitimate apps, replicating their formats to impersonate real audio ad inventory. They even spoofed apps that shouldn't have been serving audio at all.
'One of the things that sparked this investigation was the question of, why are puzzle apps serving audio ads?' Herbig told me. 'At least in my experience, it's uncommon that a puzzle app or something like that is going to serve an audio ad.'
It was a subtle anomaly—but it set off a cascade of deeper analysis that ultimately exposed Apollo's intricate fabrication tactics.
Apollo's traffic wasn't generated by infected devices in the traditional sense. Instead, bid requests were fabricated wholesale—generated by script, spoofed to resemble real devices, and funneled through residential proxies to mask their true data center origins. Herbig emphasized that the scale Apollo operated at generated traffic equivalent to a the traffic of a mid-sized city like Stamford, Connecticut.
That scale was achieved in part thanks to BADBOX 2.0, a botnet of over a million compromised connected TV devices. Apollo traffickers leveraged BADBOX to route requests through residential IPs, making the traffic appear legitimate and difficult to trace. HUMAN had previously disrupted BADBOX, but its infrastructure was clearly still being exploited.
By layering spoofed app identities, forged device configurations, and residential proxy evasion, Apollo's operators built a fraud operation that slipped through many traditional defenses.
The real damage, however, was in how Apollo exploited programmatic advertising's fragmented supply chain. Many platforms only validate the final seller in a transaction—a check that Apollo often passed. But those 'authorized' sellers were frequently several layers removed from the spoofed origin.
'There can be non-compliance in earlier parts of the supply chain, and then as you get to later parts, things look valid,' Herbig said. 'Many implementations of these supply chain standards are only checking the last place that came from, so everything that happened before that is kind of out of scope.'
This phenomenon—what HUMAN refers to as 'supply chain convergence'—allows spoofed inventory to piggyback on authorized reseller pathways, creating a false sense of legitimacy. It's a loophole that remains dangerously under-policed in today's real-time bidding ecosystem.
HUMAN didn't just uncover Apollo—they helped dismantle it. Leveraging a predictive pre-bid scoring engine and an aggressive response strategy, the company saw a 99% reduction in Apollo-associated traffic across its platform.
'We are effectively demonetizing this supply,' Herbig said. 'By reducing the amount of bids that this inventory is getting… we're making it harder and harder for fraudsters to profit.'
The broader goal, Herbig explained, is to make ad fraud uneconomical at scale. Each operation disrupted increases the operational cost for cybercriminals. Every layer of complexity—whether it's a disrupted proxy network, stricter supply chain checks, or tighter SDK enforcement—raises the barrier to entry.
One of the strongest weapons against operations like Apollo isn't just technology—it's collaboration. HUMAN has leaned heavily into this strategy through its Human Collective, a multi-stakeholder initiative aimed at threat sharing and collective protection.
According to Herbig, 'One of the great things we're doing is threat sharing. When we are observing concentrations of IBT, we are discussing that with the Human Collective, and we're using it as a forum for collaboration and a forum for discussion.'
By sharing intelligence, surfacing patterns, and coordinating responses, HUMAN and its partners are creating a ripple effect across the programmatic ecosystem. The goal isn't to eliminate fraud entirely—it's to tip the cost-benefit equation against the fraudsters.
As Herbig put it, 'We're trying to disrupt the economics of cybercrime… to the point that it becomes not worth it.'
Apollo is a milestone—not just in the scope of audio ad fraud, but in how the industry responds to it. The findings call for stronger adoption of third-party verification tools like the Open Measurement SDK, more rigorous end-to-end supply path validation, and above all, tighter industry-wide collaboration.
Audio may be one of the newest frontiers in ad fraud, but it doesn't have to be the most vulnerable. With vigilance, transparency, and cooperation, the industry has a fighting chance to turn down the noise and restore trust in programmatic audio.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Bloomberg
11 hours ago
- Bloomberg
Del Monte's Creditor Settlement Was the Last Straw
Welcome to The Brink. This is Reshmi Basu in New York and Steven Church in Wilmington, and we've outlined the events that led Del Monte to file for bankruptcy. We also have news on private credit distress and Apollo's Kem One. Follow this link to subscribe. Send us feedback and tips at debtnews@ In its ongoing effort to avoid bankruptcy, the canned fruit and vegetable giant, Del Monte Foods, has cut agreements with lenders and taken on a number of loans over the last several years.
Yahoo
14 hours ago
- Yahoo
Here's Why The Trade Desk (TTD) Traded Down in Q1
Parnassus Investments, an investment management company, released the 'Parnassus Mid Cap Growth Fund' first quarter 2025 investor letter. A copy of the letter can be downloaded here. The Russell Midcap Growth Index fell 7.12% in the first quarter, starting with a continuation of the late 2024 rally but later experiencing a sharp decline. The Fund (Investor Shares) fell -9.98% (net of fees) in the quarter, compared to the Russell Midcap Growth Index's -7.12% fall. Stock selection in Consumer Discretionary and Industrials contributed to the relative performance, while Communication Services and Health Care detracted. In addition, please check the fund's top five holdings to know its best picks in 2025. In its first-quarter 2025 investor letter, Parnassus Mid Cap Growth Fund highlighted stocks such as The Trade Desk, Inc. (NASDAQ:TTD). Headquartered in Ventura, California, The Trade Desk, Inc. (NASDAQ:TTD) is a technology company that offers a self-service cloud-based ad-buying platform. The one-month return of The Trade Desk, Inc. (NASDAQ:TTD) was 4.64%, and its shares lost 25.19% of their value over the last 52 weeks. On July 3, 2025, The Trade Desk, Inc. (NASDAQ:TTD) stock closed at $74.41 per share, with a market capitalization of $36.568 billion. Parnassus Mid Cap Growth Fund stated the following regarding The Trade Desk, Inc. (NASDAQ:TTD) in its Q1 2025 investor letter: "The Trade Desk, Inc. (NASDAQ:TTD), a digital advertising technology platform, detracted after missing guidance for the first time since going public. While the company faces concerns over rising competition from Amazon, we maintain our conviction in the company's leading technology and its independent platform." A large array of computer screens and tech equipment representing the technology company's self-service cloud-based platform. The Trade Desk, Inc. (NASDAQ:TTD) is not on our list of 30 Most Popular Stocks Among Hedge Funds. As per our database, 61 hedge fund portfolios held The Trade Desk, Inc. (NASDAQ:TTD) at the end of the first quarter compared to 63 in the third quarter. The Trade Desk, Inc. (NASDAQ:TTD) reported revenue of $616 million in Q1 2025, representing an increase of 25% from Q1 2024. While we acknowledge the potential of The Trade Desk, Inc. (NASDAQ:TTD) as an investment, our conviction lies in the belief that AI stocks hold greater promise for delivering higher returns, and doing so within a shorter timeframe. If you are looking for an AI stock that is as promising as NVIDIA but that trades at less than 5 times its earnings, check out our report about the undervalued AI stock set for massive gains. In another article, we covered The Trade Desk, Inc. (NASDAQ:TTD) and shared the list of best NASDAQ growth stocks to buy for the next 3 years. In addition, please check out our hedge fund investor letters Q1 2025 page for more investor letters from hedge funds and other leading investors. While we acknowledge the potential of TTD as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: The Best and Worst Dow Stocks for the Next 12 Months and 10 Unstoppable Stocks That Could Double Your Money. Disclosure: None. This article is originally published at Insider Monkey. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Newsweek
17 hours ago
- Newsweek
Cadillac F1 Reportedly Plans Driver Talks at Silverstone, Red Bull Driver Shortlisted
Based on facts, either observed and verified firsthand by the reporter, or reported and verified from knowledgeable sources. Newsweek AI is in beta. Translations may contain inaccuracies—please refer to the original content. The Cadillac Formula One team is all set to hold discussions with various F1 drivers this weekend at the British Grand Prix at Silverstone, according to a report from RacingNews365. The aim is to shortlist two drivers for the 2026 season, and a report has confirmed that Red Bull driver Yuki Tsunoda is one of the names on Cadillac's radar. The second American outfit is all set for its F1 debut in 2026, and while it progresses with its operations in full swing to develop a fast car for the new era of regulations, the team's focus seems to have shifted to hiring drivers. While Cadillac's preference for a young American talent alongside a seasoned F1 driver is known, the team is likely keeping all options open at this stage. Tsunoda's Red Bull contract expires at the end of 2025, and with no extension in sight, the Japanese driver may also be exploring opportunities coming his way. Yuki Tsunoda of Japan driving the (22) Oracle Red Bull Racing RB21 makes a pitstop during the F1 Grand Prix of Austria at Red Bull Ring on June 29, 2025 in Spielberg, Austria. Yuki Tsunoda of Japan driving the (22) Oracle Red Bull Racing RB21 makes a pitstop during the F1 Grand Prix of Austria at Red Bull Ring on June 29, 2025 in Spielberg, reported links to Sergio Perez and Valtteri Bottas have made headlines recently. Now, several senior executives of the team will be present at Silverstone for discussions with other drivers, such as Jak Crawford, Jack Doohan, Zhou Guanyu, and Felipe Drugovich. It is also understood that Bottas will have another round of discussions with the sport's eleventh team. Cadillac has been streamlining its operations to ensure its arrival on the F1 grid in a few months, and team principal Graeme Lowdon revealed that the team has adopted a management structure inspired by NASA's Apollo project. The flat management model will aid Cadillac in managing operations from multiple locations in the USA and the UK. Newsweek Sports reported his comments: "It's very similar. OK, we're not putting a man on the moon, but it feels like it sometimes. "If you look at the task in hand, we've got immovable deadlines. We've got a massive necessity for peer-to-peer interaction. "So we need engineers talking to engineers. We need an engineer here [in Silverstone] talking to an engineer in Charlotte [North Carolina] and another one in Warren, Michigan, or eventually in Fishers [Indiana, where Cadillac U.S. racing headquarters is being constructed]. And so we've looked to have a very, very flat management structure. "We've leaned heavily on the management structures that were used for the Apollo project. It's super interesting and I don't know if other teams have used that before. "You always look around to get inspiration from how other people have tackled things. And I just thought that there was some good learnings from that. "Is it the equivalent of putting a man on the moon? I don't know about that. But what strikes me is it's quite a difficult task." He added: "So instead, it's a kind of a different structure where it's mission control instead of command and control. So you have this really flat structure. Engineers are able to talk directly to each other. And the thing that's heavily imparted on them is the mission itself. Everyone knows what the mission is. They know what needs to be done. "So far it works. You know, the proof of the pudding is going to be in whether the car's quick."
