Generate Fraudulent Advertising Revenue

An adversary could seek to generate fraudulent advertising revenue from mobile devices, for example by triggering automatic clicks of advertising links without user involvement.

ID: T1472
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platforms: Android, iOS
Version: 1.0
Created: 25 October 2017
Last Modified: 03 July 2019

Procedure Examples

Name Description
Agent Smith

Agent Smith shows fraudulent ads to generate revenue.[8]

Gooligan

Gooligan can install adware to generate revenue.[3]

HummingBad

In July 2016, HummingBad generated more than $300,000 per month in revenue from installing fraudulent apps and displaying malicious advertisements.[1]

HummingWhale

HummingWhale generates revenue by displaying fraudulent ads and automatically installing apps. When victims try to close the ads, HummingWhale runs in a virtual machine, creating a fake ID that allows the perpetrators to generate revenue.[4]

Judy

Judy uses infected devices to generate fraudulent clicks on advertisements to generate revenue.[2]

SimBad

SimBad generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.[7]

Triada

Triada can redirect ad banner URLs on websites visited by the user to specific ad URLs.[5][6]

Mitigations

Mitigation Description
Application Vetting

References