| ID | E1472 |
| Objective(s) | Impact |
| Related ATT&CK Technique | Generate Fraudulent Advertising Revenue |
Malware may generate advertising revenue by generating clicks of advertising links. The ATT&CK technique, Generate Fraudulent Advertising Revenue, pertains only to mobile platform, but the behavior is applicable to other platforms as well.
See ATT&CK: Generate Fraudulent Advertising Revenue.
| Name | ID | Description |
|---|---|---|
| Advertisement Replacement Fraud | E1472.m02 | Malware injects ad windows onto websites the user views. [2] |
| Click Hijacking | E1472.m01 | Malware alters DNS server settings to route to a rogue DNS server: when the user clicks on a search result link displayed through a search engine query, malware re-routes the user to different website. Instead of going to the requested site, the user is taken to an alternate website such that the click triggers payment to the threat actor. [1] |
| Name | Date | Description |
|---|---|---|
| DNSChanger | November 2011 | Alters DNS server settings to route to a rogue DNS server for the purpose of click hijacking. [1] |
| Kovter | 2016 | Performs click-fraud. [4] |
[1] https://www.itworld.com/article/2734253/security/behind-the--massive--malware-ad-revenue-fraud-case.html
[2] https://www.fipp.com/news/insightnews/what-are-the-nine-types-of-digital-ad-fraud
[3] https://www.huffingtonpost.com/2011/11/09/click-hijack-hackers-online-ad-scam_n_1084497.html
[4] https://www.bleepingcomputer.com/virus-removal/remove-kovter-trojan