A new ad fraud scheme on connected TVs, called StreamScam, infected more than 28.8 million household IP addresses and saw roughly $14.5 million ad dollars stolen away over the last four months, according to a report from Oracle.

“Where advertising dollars go, criminals will follow, and rapidly-growing channels like CTV are presenting new opportunities for ad fraud and theft,” said Mark Kopera, head of roduct for Moat by Oracle Data Cloud, said in a statement.

The fraudsters built servers to send out fake ad impressions, tricking advertisers to buy media that wasn’t there. This practice of “spoofing” involving forging around 3,600 app IDs and 3,400 CTV IDs, along with millions of IP addresses, which are all signals used for ad targeting.

The CTV ad market is quickly growing. Ad spend in the medium is expected to total $8.11 billion by the end of 2020 and $11.36 billion in 2021, according to eMarketer. By 2024, total spend is expected to reach $18.29 billion, according to the research firm.

Fraudsters are targeting CTV because it’s a relatively unstandardized market that attracts big-spending advertisers. The cost per thousand impressions (CPM) of a CTV ad is typically in the $20-$25 range, while CPMs for desktop or mobile ads are significantly lower, usually in the low-single digits.

The IAB Tech Lab is trying to bring some safety protocols into the space. The group introduced technical specs that allow CTV media owners to list the digital sellers of their media: ads.txt and app-ads.txt.

The specs, which are already common in the desktop environment, is open for public comment until January 14, 2021.

“The Connected TV marketplace can be complex and requires a new approach to ads.txt to increase transparency among buyers and sellers. As Connected TV growth continues to skyrocket, having standards that support these formats is critical,’ Amit Shetty, senior director of product at the IAB Tech Lab, said in a statement.

StreamScam isn’t the first major CTV ad fraud scheme. Earlier this year, an operation across Roku devices, called Monarch, resulted in seven-figures of stolen ad dollars.

Most programmatic CTV deals are transacted via programmatic guaranteed or private marketplace environments. These give media owners more control of their inventory and advertisers more transparency into what they’re buying. Kopera told Adweek that spoofing in CTV is possible in any programmatic environment.

Still, advertisers typically avoid buying CTV ads in the open auction, since that’s where fraud mostly occurs.

“To me connected TV is inherently fraud free if you’re buying it the right way, which is directly from the end sellers, directly from the premium TV publishers, on pipes that are trusted. Where fraud really does get thrown in the mix is anybody buying in an open auction environment, which we never recommend our clients do,” Mike Fisher, vp of advanced TV and audio at Essence, previously told Adweek.