You might be aware that click fraud is a growing problem that affects anyone running a PPC campaign. But what is click fraud malware, and should you be worried about it?

If you’re reading this article, you might have stumbled upon it while researching common types of malware or click fraud. To get you up to speed quickly, click fraud is a practice where someone, or something, clicks on your PPC ad campaigns with the intention of diverting your advertising budget.

Malware, as you might be aware, is dodgy software that manages to install itself on your computer, often with the intention of spreading a virus or being a portal for command and control (c&c) attacks.

So what is click fraud malware? Well, it’s exactly what it sounds like. A Software that installs itself on your computer with the intention of using your machine to carry out click fraud. 

The basics of click fraud malware

First things first, what is a trojan? You might have heard the story about the Greek soldiers who infiltrated the city of Troy by hiding in a wooden horse, given as a present to the Trojans. Once they were safely in the city, the soldiers jumped out and massacred the citizens, ending a ten-year war. Hence the phrase, beware of Greeks bearing gifts, although these days, they’re more likely to be bringing some really nice olives or a bottle of raki.

A trojan is a type of virus, normally designed to look like something interesting, that installs itself on your computer. Once installed, it can then perform an automated action or be used remotely to carry out more malicious attacks. Command and control (c&c) attacks are where malware software can be accessed by a remote computer to carry out specific actions such as stealing information or running actions such as clicking on ads. These automated bots can be coordinated into a network and used to devastating effect.

Miuref and trojan.kovter are two versions of click fraud software that have been around for a few years now and are still widespread.

One of the most famous cases of these trojans being used was as part of the 3ve botnet, which was shut down in November 2018. Miuref and kovter trojans were used to access around 1.7 million computers worldwide and falsify clicks on PPC campaigns to the tune of $29 million.

Click fraud malware in 2019

Although the 3ve botnet attacks are some of the most high profile PPC software malware that has been discovered, the technology has been growing hugely in recent years.

Google’s online app store has been discovered to be harbouring 8 apps, as of early 2019, that have been downloaded over 2 billion times. These apps are thought to have been responsible for millions of dollars worth of click fraud and have managed to bypass Google’s Play Protect monitoring system.

In 2018, Google noted the return of the Chamois family of malware apps. These were previously thought to have been completely eliminated in 2017, but were found to have been downloaded over 200 million times in 2018. Chamois based apps are capable of stealing information, and performing both click fraud and SMS fraud.

Another Google based malware app is DrainerBot, which is thought to have been picked up over 10 million times. Nicknamed due to its capacity for devouring huge amounts of data, DrainerBot is used by fraudsters to hijack devices to watch videos. So along with advertisers losing their advertising spend, DrainerBot also racks up huge bills for users who are most likely unaware that the app is running.

iOS Malware

With all this Google Play Store malware, Apple users might be feeling a bit smug, but hold on… Although the App store is more tightly monitored and controlled than Google, there have been some well known breaches in recent years.

XCodeGhost was found to have infiltrated a number of popular apps in China, including WeChat, China’s version of Whatsapp. Apple phones were also found to have been breached by the Exodus spyware which, although it isn’t click fraud malware, has exposed the fact that Apple devices are open to malware attacks.

How does malware get on your device

The classic delivery for malware is as an attachment in an email, sometimes a word document or pdf, or an executable file. However, as more and more people have got wise to spam and dodgy attachments, so the malware distributors have had to find new ways to get you to download them.

In 2019, these are some of the main ways that click fraud malware can get on your PC, Mac or mobile device.

  • Cracked or free software from unverified sources
  • Through pop up adverts or landing pages, often saying ‘you’ve won’, or by offering ‘adult services’
  • By downloading codecs to watch free films
  • By streaming films or videos on suspicious sites
  • Through suspicious apps, or apps with lots of advertising embedded in them
  • Or, sometimes through verified apps too!

In short, malware normally comes from user actions which can be a result of carelessness, such as accidentally clicking an ad, or by seeking out software that seems too good to be true. Basically, aim to pay for your software and download it from a verified and trusted source.

Whos behind malware?

Although the image of coders and hackers is of some nerdy guy in his basement writing viruses to annoy people, the truth can be a little bit shadier. With a lot of money available to enterprising hackers, malware is increasingly built and run by criminal gangs. Methbot is one of the most famous ad fraud networks, estimated to be making around $3 million a day for Russian gangs.

By building PPC software malware, these gangs get to expand their reach and stay ahead of any attempts to shut them down. After all, if you’re making $3 million a day, you can afford to pay a few hackers to come up with some new malware software.

Some supposedly ‘legitimate businesses’ have been found to have been behind click fraud malware too. In fact, criminals were found to have set up 28 fake ad agencies in 2017 and then used them to buy around 1 billion fake ad views.

How to protect yourself from malware

The best way to avoid click fraud malware is by being cautious about what you download. Only ever download attachments from trusted sources, and avoid clicking on dodgy pop up adverts. As well as being vigilant and not clicking on ads or suspicious attachments, these steps will help you avoid downloading malware.

  • Keep your security software up to date
  • Use a firewall on your laptop or PC
  • Use complex passwords with mixtures of letters, characters and numbers and try to avoid using the same password for everything
  • Disable autoplay for downloads on your computer
  • Turn off or remove unnecessary software on your mobile or home devices
  • Turn off Bluetooth when not being used
  • Avoid suspicious sites that offer premium software or films for free, or ask you to exchange their codec or plugin
  • Choose the paid versions of apps, and avoid downloading imitation versions of popular apps

Advertiser worried about fraudulent malware clicks?

Click fraud malware is devastating for victims. It’s also harmful for advertisers that lose control of their campaigns and have their entire ad budget spent up by fraudsters. If you’re concerned about fraudulent clicks from click fraud malware, use ClickCease.

Our algorithms and smart software can protect advertisers just like you from infected computers. Even better is that we can protect your campaigns from suspicious computers that may be subject to malware. When talking about your ad budget, there’s no reason not to do everything in your power to protect it.