Generate Fraudulent Advertising Revenue

An adversary could seek to generate fraudulent advertising revenue from mobile devices, for example by triggering automatic clicks of advertising links without user involvement.

ID: T1472
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platforms: Android, iOS
Version: 1.0
Created: 25 October 2017
Last Modified: 03 July 2019

Procedure Examples

Name Description
Agent Smith

Agent Smith shows fraudulent ads to generate revenue.[1]


Gooligan can install adware to generate revenue.[2]


In July 2016, HummingBad generated more than $300,000 per month in revenue from installing fraudulent apps and displaying malicious advertisements.[3]


HummingWhale generates revenue by displaying fraudulent ads and automatically installing apps. When victims try to close the ads, HummingWhale runs in a virtual machine, creating a fake ID that allows the perpetrators to generate revenue.[4]


Judy uses infected devices to generate fraudulent clicks on advertisements to generate revenue.[5]


SimBad generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.[6]


Triada can redirect ad banner URLs on websites visited by the user to specific ad URLs.[7][8]


Zen can simulate user clicks on ads.[9]


Mitigation Description
Application Vetting