I am also under attack. It started 2 days ago and my CTR from Unknown has skyrocketed close to 100%. I am afraid that this is an act of sabotage. The strange thing is that my app is not very popular at all. I have made quite a large revenue from the attack. I have written AdMob about this.
I started a thread before I noticed that others are also experiencing this problem.
Finally got a response from AdMob support 
So that means there are attacks on accounts and it’s not stats glitch… If I understand correctly.
I’d say more like attacks on their network.
The attacks can’t be app or developer specific as they have all been occurring at the same time.
I think attacks are specific, because not all of may apps are affected and for first time attacks started on different days. Only in next time all previously attacked apps was attacked on the same day (mostly because of new apps was added to hackers to do list).
You can’t attack on network in general, because network is made out of different developers/publishers so if you want attack network, then only option is to attack as many developers/publishers as you can.
Best case scenario: The persons behind this are trying to force admobs hand to either keep their oversensitive banhammer and show how terrible they are or force them to have a better system for dealing with click fraud.
To Oby and other people who only have some of their apps being targeted: do those apps have easier or quicker access to ads on startup than the apps that have been left alone? Maybe they have a bot opening an app, looking for an ad to click a few times, then moving on to another app.
No, they are using publisher ID for attacks, because my app analytic data was like usual, but in AdMob stats I got few thousands of ad clicks so they definitely not using apps for attack. Also it’s much easier to do attacks using publisher ID, because it’s quit easy to make script which decompiles apk files and then simply use some regexp functions to search for ID.
P.S. It’s quit interesting how they will determine if click was fraudulent or not 
Interesting. All my apps store the adUnitId within the java code, except one which stores it in the layout xml file.
The ones that store the ID in the java code is under attack, the one with the ID in the xml is not under attack.
Maybe this is just a coincidence, but is there anyone else with the same pattern?
Strange if they do not get the ID from the xml tho, that should be easier.
You should probably give this information to Admob. May help them.
What email address (or contact form) did you use to get that response?
I can’t imagine that you actually got a response from admob 0o
Well you could get the region of where the device is (sorry for that sentence but I am totally baked right now) and if it doesn’t return any, disable loading ads. The attacker could just use mock locations but maybe he’s just too stupid xD
I’d like to add a data point to support your theory - I haven’t seen this issue - and the admob ID is in the XML. Let’s see what others say here.
However others here have stated that the Unknown stats are proportional to their overall stats - so if it is an attacker how would they scale the level of their attack ?
If it is independent - there would be apps with Unknown stats dominating - unless they are picking apps with a respectable DAU (Daily Active User) base …
I used contact form: https://support.google.com/admob/contact/account_setup
It only took 10 days to respond 
For me stats from Unknown also are proportional. That also confuses me how attackers can scale their attacks.
10 days.
This is what they say on that support form page:
Due to the high volume of emails we receive, we only provide email support only for a limited set of issues that can’t be answered using our online resources. We may only reply if your answer cannot be found in the Help Center or Developers Forum
No mention of expected turn around time. 
After you send message you got information that they will respond in 48 hours
I am facing same issue. For a month, unusually high CTR % and no of clicks from ‘unknown’ source. Also noticed difference in actual and estimated earnings this time. Not sure if these are related but noticed ~4% difference in these earnings. Anyone experienced this in recent month?
Thanks.
Thanks. I don’t mind waiting 10 days if it saves my account :-).
The attacks on my account are also proportional to my stats. I think the attacker is trying to make it look like it’s the developer attempting to game the AdMob system.
One person has got response from Admob support: xda-developers - View Single Post - AdMob will ban me?
It’s me I wrote same thing her in previous page. 