
Unearthing Ad Fraud From a Monolith

The looming threat in your mobile app install campaigns

The mobile advertising landscape has long prized both performance and trust. Recent findings, however, reveal a major trust breach—one hiding in plain sight, veiled within sources considered the safest in the business. Today, we pull back the curtain on what I’m coining Monolith Fraud, a sophisticated operation siphoning millions from app install campaigns across the industry.

Grant Simmons, VP, Kochava Foundry

How the Monolith Scam Works: Real Device, Fake User

Unlike garden-variety click farms, Monolith Fraud utilizes virtual machines (VMs) that meticulously mimic real devices. These VMs are programmed to emulate authentic install behaviors: downloading apps, opening them, and even faking app usage patterns. What sets them apart? Their attempts at sophistication—but also the shortcuts fraudsters take that expose their schemes.

Kochava’s team uncovered that these VMs create app install traffic that on the surface appears legitimate. However, when examined with high-resolution data, telltale patterns emerge. Here are some illustrative highlights (albeit not comprehensive):

  • Constrained device signals: Fraudulent installs often report unusual consistency in device parameters, such as identical battery level, screen brightness, and device volume. Real user devices naturally produce diverse data, whereas VMs operate in bulk with rigid, non-random settings.
  • Zombie installs: Most fraudulent installs skip critical steps like registering or even opening the app, a step real users routinely take but bots avoid.
  • Suspicious install timing: These installs tend to occur in tightly packed, sequential clusters, with timing and fingerprint patterns never exhibited in organic user behavior.
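The three signals above can be combined into a single check. The following is an added example, not Kochava's model or code: it flags installs that share one battery/brightness/volume tuple, arrive in a tight sequential burst, and almost never open or register. The record fields, sample data and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

def _rec(id_, ts, battery, brightness, volume, opened, registered):
    # Hypothetical install record; field names are assumptions, not an MMP schema.
    return {"id": id_, "ts": ts, "battery": battery, "brightness": brightness,
            "volume": volume, "opened": opened, "registered": registered}

# Constructed sample data (not real traffic). ts is seconds since an arbitrary epoch.
INSTALLS = [_rec(f"vm{i}", 1000 + 2 * i, 100, 50, 0, False, False) for i in range(1, 6)] + [
    _rec("u1", 990, 83, 41, 7, True, True),      # organic, unique settings
    _rec("u2", 1003, 27, 90, 3, True, False),    # organic, unique settings
    _rec("u3", 9000, 100, 50, 0, True, True),    # same tuple as the burst, hours later
    _rec("e1", 2000, 60, 60, 5, True, True),     # tight burst with shared settings,
    _rec("e2", 2001, 60, 60, 5, True, True),     # but every user opened the app
    _rec("e3", 2003, 60, 60, 5, True, False),
    _rec("e4", 2004, 60, 60, 5, True, True),
]

def flag_suspect_installs(installs, max_gap_s=5, min_cluster=4, max_engaged_ratio=0.25):
    """Return ids of installs matching all three signals (illustrative thresholds)."""
    # Signal 1: constrained device signals -> group by identical parameter tuple.
    groups = defaultdict(list)
    for rec in installs:
        groups[(rec["battery"], rec["brightness"], rec["volume"])].append(rec)

    flagged = set()
    for recs in groups.values():
        recs.sort(key=lambda r: r["ts"])
        burst = [recs[0]]
        # The trailing None is a sentinel that flushes the final burst.
        for rec in recs[1:] + [None]:
            # Signal 3: tightly packed, sequential timing within the group.
            if rec is not None and rec["ts"] - burst[-1]["ts"] <= max_gap_s:
                burst.append(rec)
                continue
            if len(burst) >= min_cluster:
                # Signal 2: zombie installs -> almost nobody opened or registered.
                engaged = sum(1 for r in burst if r["opened"] or r["registered"])
                if engaged / len(burst) <= max_engaged_ratio:
                    flagged.update(r["id"] for r in burst)
            if rec is not None:
                burst = [rec]
    return flagged

if __name__ == "__main__":
    print(sorted(flag_suspect_installs(INSTALLS)))
```

Requiring all three signals together keeps the engaged burst (`e1` to `e4`) and the late install with matching settings (`u3`) out of the result; any one signal alone would produce false positives on this sample.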

Fraud From the Unlikeliest Source

What makes Monolith Fraud particularly alarming is its origin. Rather than coming from suspect ad networks or relatively unknown partners, this fraud is emanating from within the publisher and sub-publisher inventory network of a major, self-attributing, owned & operated super publisher. In other words, a source the entire industry is conditioned to trust.

These platforms have long been the gold standard for transparency and authenticity. Now, however, fraudsters are adapting—exploiting even these upper-echelon traffic sources. This signals that the safety net the industry has relied upon for years may no longer exist.

The Financial Toll: Up to 55% of Budgets at Risk

For brands and developers, the cost is staggering.

On a cohort of impacted brands, Monolith Fraud consumed as much as 22% to 55% of total app install spend. For some leading brands, in the worst cases, more than a third of ad budget was routed to fraudulent installs.

Top-line summary from Kochava’s platform-wide audit:

  • For one major brand, the reasonable estimate of fraudulent activity reached nearly 68%.
  • For others, routine fraud rates between 11–34% have been observed.

This is not theoretical—it’s real money, draining from marketing budgets with every passing day.

Why Only Kochava Caught This: The Power of Data Resolution

Kochava is the first and only mobile measurement partner (MMP) to bring this Monolith Fraud to light. Why? Kochava’s unique data collection and retention strategy: Instead of discarding “redundant” event and install data—as many other MMPs do to save on data storage costs—Kochava stores granular device signals, event timings, and user engagement data. This enables us to dive in and explore subtle anomalies that other solutions overlook. Compounding the matter is the fact that walled-garden super publishers don’t share all impression and click signal data—only the records for one-to-one conversion claims. This lack of holistic data stifles fraud prevention methodologies that observe anomalous ad signal indicators.

Our proprietary modeling capabilities surfaced:

  • Sequential installs with clone-like device fingerprints
  • Unnatural distributions of install data
  • Deviations in standard user engagement metrics (e.g., mobile number registration, post-install activity)

No other MMP offers comparable historical depth or real-time forensics, which is why this threat remained invisible to the rest of the industry.

What to Look For (and What to Do)

Monolith Fraud is not a rare anomaly. It’s a growing, silent epidemic.

If you’re observing

  • Unexplained dips in retention
  • Lower engagement and registration rates
  • Unusual device parameter consistency or rapid-fire installs

Don’t ignore it!

These could all be red flags—especially if you’re running campaigns with premium, owned & operated network placements.

Don’t wait for the losses to snowball. If you suspect your campaigns may be the next target—or simply want confidence that your spend is protected—reach out to Kochava today.

We’re ready to help you:

  • Investigate and quantify potential Monolith Fraud
  • Recover lost spend through publisher negotiations
  • Deploy new defenses to stop Monolith Fraud in its tracks
  • Ensure that your app campaigns are truly as safe—and effective—as they should be

For more technical background or specific case studies, visit kochava.com/foundry/ or email foundry@kochava.com.