We provided the application’s details, the SDK’s account ids and auto clicks we were able to reproduce so Facebook could decide how to react. After we, the Zimperium malware team, identified the CBA, we informed the Traffic Quality and Fraud team at Facebook about the malicious apps. One of the CBA’s methods tried to defraud the Facebook Audience Network. I also tried other auto clicking methods that can be used, but this post won’t technically specify any additional improvements for CBA activity. I tried several methods and after changing the CBA’s code, I determined what should be added in order to achieve an efficient CBA result. My recent CBA research identified several circumstances where the clicks can be identified and by which means. As a part of the z9 validation of the machine learning detection for malware, several Android Potentially Harmful Applications (PHAs) that were CBAs and part of a Malware Botnet that controls its CBAs activity were found.
Zimperium’s core machine learning engine, z9 for Mobile Malware, detects previously unknown malicious applications and zero-day exploits. And finally, there is Click fraud.Ĭlick fraud (CF) is a type of Ad fraud that abuses online pay-per-click advertising in which an advertiser pays a publisher when the ad is clicked and is big business for developers.Ĭonservative estimates from the Interactive Advertising Bureau attributes revenue from Ad fraud at 8.2 billion US Dollars, making it a top income generating cybercrime.Ĭlicking Bot Applications (CBA) use various methods in order to simulate user clicks to generate revenue, what Ads are to be targeted, how the CBAs are controlled by their command and control (C&C) server and how to avoid the detection methods that are commonly used against them.Īlthough those CBAs are utilized for a fraudulent financial gain at the expense of the advertisers and publishers, some of CBAs’ methods and functionality can easily be utilized for Ransomware, Spyware, and other Malware types. Ad fraud fraudulently represents online advertisement impressions, clicks, conversion or data events in order to generate financial gain for the developer. Installation-fraud achieves fake software installations. Phishing Malware phishes for your username, password or account numbers. Ransomware demands a ransom to decrypt your private digital data.
Cyber crime, like any crime, has its motives each malware has its own malicious profit.