The sub-techniques beta is now live! Read the release blog post for more info.

Generate Fraudulent Advertising Revenue

An adversary could seek to generate fraudulent advertising revenue from mobile devices, for example by triggering automatic clicks of advertising links without user involvement.

ID: T1472
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platform: Android, iOS
Version: 1.0
Created: 25 October 2017
Last Modified: 03 July 2019

Procedure Examples

Name Description

Gooligan can install adware to generate revenue.[3]


In July 2016, HummingBad generated more than $300,000 per month in revenue from installing fraudulent apps and displaying malicious advertisements.[1]


HummingWhale generates revenue by displaying fraudulent ads and automatically installing apps. When victims try to close the ads, HummingWhale runs in a virtual machine, creating a fake ID that allows the perpetrators to generate revenue.[4]


Judy uses infected devices to generate fraudulent clicks on advertisements to generate revenue.[2]


Mitigation Description
Application Vetting