Threat Management, Malware

Study: Click-fraud malware often leads to more dire infections

Although often considered relatively innocuous, click-fraud malware infections could be the start of serious enterprise security issues.

Damballa warned in a “State of Infections Report” that seemingly low-risk click-fraud malware could lead to further infections of more sinister threats, such as ransomware 

“These threats don't just happen immediately,” Stephen Newman, CTO, Damballa, told “It's often the third or fourth infection on a device.”

In the report's RuthlessTreeMafia group example, a victim was infected with click-fraud malware through a phishing email. Once infected with this initial malware — the group used Asprox — the malware's Command and Control (C&C) server then updated the impacted device with additional malware. One was a rootkit and the other a click-fraud installer.

Eventually, after exploiting the infected machine to make money off click-fraud, the attackers sold it to other cybercriminals who dropped the CryptoWall ransomware on it. The entire attack took two hours to go from an initial click-fraud infection to three more click-fraud infections, plus Cryptowall.

Constrained IT teams often can't deal with every click-fraud threat, Newman said. However, instead of primarily focusing on preventing devices from infection, teams should monitor machines at all times. This could allow for quick responses, he said.

“These teams aren't able to discover the click-fraud on devices because there's so much effort around prevention,” Newman said. “So they miss the real infections in the first place.” 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.