Google and the NYU Tandon School of Engineering conducted a yearlong study to reveal the business practices of those who pay vendors to install unwanted software in their install bundles.
The report, "Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software," examined the relationship among three parties: software developers, called advertisers in pay-per-install lingo; affiliate networks that play the middleman; and publishers, or popular software applications, that repackage their binaries to include the advertisers' code.
The report found that four of the largest pay-per-install networks routinely distributed unwanted ad injectors, browser settings hijackers, and scareware that have been flagged by over 30 anti-virus engines, according to an Aug. 4 blog post.
Researchers also found that 59 percent of the weekly offers bundled by the affiliate networks were flagged by at least one anti-virus engine as potentially unwanted, the report said. The bundles were promoted through fake software updates, phony content lockers, and spoofed brands to trick users into downloading and accepting the installation terms.
“While not all software bundles lead to unwanted software, critically, it takes only one deceptive party in a chain of web advertisements, pay-per-install networks, and application developers for abuse to manifest,” the blog said.
The report identified 1,211 software developers, called advertisers in pay-per-install lingo, who pay between 10 cents and $1.50 per install to have their software bundled with seemingly legit downloads. These costs are offset via ad injection, selling search traffic or levying subscription fees.