HUMAN BLOG

NewsJunkie: The Supply Chain is the Crime Scene

Read time: 3 minutes

Imran Azad

July 9, 2026

Ad Fraud, Compliance, CTV, Threat Intelligence

Connected TV (CTV) is a premium, high-quality channel with high engagement, making it very attractive to advertisers… and fraudsters. Satori’s new investigation, NewsJunkie, is a case study of how sophisticated threat actors seek to exploit a fast-growing channel.

The operation is a CTV device-spoofing ring disguised as premium local news content on major CTV platforms. At its peak, it accounted for hundreds of millions to nearly two billion invalid CTV bid requests per day per seller. One particular local news app generated more than 42.2 billion bid requests, approximately 360 times the volume of the next-highest regional news app, with only 185 reviews on the app store.

There were two spoofing vectors involved in NewsJunkie:

These methods combined to flood the supply chain with impressions that appeared to be premium CTV inventory from genuine households, requiring end-to-end supply chain analysis to expose. 

Supply Chain as Detection

The IAB Tech Lab standards stack is a foundational framework of open-source protocols and guidelines that together create a verifiable chain of custody from publisher to buyer. They include:

A complete, unbroken supply chain with every node validated is the gold standard. Missing nodes, unauthorized sellers, and broken sequences are red flags.

NewsJunkie used “ephemeral sellers” (intermediaries that had been active in the programmatic supply chain for less than six months) to lengthen the supply path and obscure the flow of dollars. These sellers are not inherently fraudulent in and of themselves, but they signal risk, particularly when clustered. Many ephemeral sellers in NewsJunkie funneled through the same persistent hub seller before reaching buyers—a convergence that provides a fingerprint of a coordinated operation. Notably, the hops from ephemeral sellers to the hub and from the hub further down the supply chain were often sellers.json-authorized. Full end-to-end validation—every node, not just the last one—exposed the pattern.

The apps these sellers were transacting on were almost universally app-ads.txt unauthorized. That mismatch between what the bid request claimed and what the standards record showed was a key signal.

Calling in HUMAN Help

HUMAN’s Ad Fraud Defense integrates supply chain intelligence directly into its invalid traffic (IVT) protection platform—not as a separate compliance module, but as a unified view. The Compliance Dashboard helps in several ways, such as:

NewsJunkie is disrupted, but the tactics it used, including ephemeral sellers, supply path convergence, and app-ads.txt unauthorized inventory, are available to any threat actor willing to use them.

Spread the Word