Magala Trojan cashes in at the expense of small businesses

Criminals infect their victims' computers with the Magala Trojan Clicker, generating fake ad views, making up to $350 from each machine.

Update: 2017-07-19 14:44 GMT
Large-scale cyber attacks are now commonplace, such as the recent attacks on the servers of Dyn, which brought down sites including Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US.

Kaspersky Lab’s researchers have discovered a new botnet that cashes in on aggressive advertising, mostly in Germany and the US. Criminals infect their victims’ computers with the Magala Trojan Clicker, generating fake ad views, and making up to $350 from each machine. Small enterprises lose out most because they end up doing business with unscrupulous advertisers, without even knowing it.

Contextual online advertising is a lifesaver for small enterprises that are usually unable to promote their products and services and increase potential customer awareness in other ways. The most common way to build a channel of supply and communication for these organizations is to purchase ads from legal advertising companies. However, if the latter are unscrupulous, small companies will flush money down the drain, and customers simply will not see the ad. This is exactly what happens with the Magala botnet.

Its authors compromise computers with malware, which then generates fake views and clicks for ads, thus switching machines into zombie mode and making a profit for the malware’s authors. Once propagated, Magala imitates a user click on a particular web page, boosting ad click counts. The main victims are those paying for the ad; typically, they are small enterprise owners dealing with fraudulent advertisers.

The Magala infection vector is quite simple – it spreads to computers via compromised websites and discreetly installs its required adware. Magala then contacts the remote server and requests a list of search queries for click counts that need to be boosted. Using this list, the program begins to send search queries and click on each of the first 10 links in the search results, with an interval of 10 seconds between each click.
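The click pattern described above (a search query followed by 10 clicks spaced 10 seconds apart) is regular enough to look for in web proxy logs. The following is an added example, not code from Kaspersky Lab or from the original article; the log format, host names, the `q` query parameter used to recognise a search request, and the jitter tolerance are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse, parse_qs

CLICKS = 10       # from the article: first 10 links of each result page
INTERVAL = 10.0   # from the article: 10 seconds between clicks
TOLERANCE = 1.5   # assumption: allowed timing jitter, in seconds

def build_sample_log():
    """Constructed proxy log lines: 'ISO-timestamp client-host URL'."""
    t0 = datetime(2017, 7, 19, 10, 0, 0)
    rows = [(t0, "pc-17", "http://search.example/?q=cheap+flights")]
    rows += [(t0 + timedelta(seconds=10 * (i + 1)), "pc-17",
              f"http://site{i}.example/") for i in range(CLICKS)]
    rows.append((t0, "pc-42", "http://search.example/?q=weather"))
    rows += [(t0 + timedelta(seconds=gap), "pc-42", f"http://news{i}.example/")
             for i, gap in enumerate([4, 37, 95])]   # irregular, human-like
    return [f"{t.isoformat()} {host} {url}" for t, host, url in rows]

def is_search(url):
    # Assumption: a search request carries a 'q' query parameter.
    return "q" in parse_qs(urlparse(url).query)

def find_clicker_hosts(lines):
    """Return {host: number of search-then-10-timed-clicks bursts}."""
    by_host = defaultdict(list)
    for line in lines:
        ts, host, url = line.split(maxsplit=2)
        by_host[host].append((datetime.fromisoformat(ts), url))
    flagged = {}
    for host, events in by_host.items():
        events.sort()
        bursts = 0
        for i, (_, url) in enumerate(events):
            if not is_search(url):
                continue
            clicks = events[i + 1:i + 1 + CLICKS]
            if len(clicks) < CLICKS or any(is_search(u) for _, u in clicks):
                continue
            # Only click-to-click gaps are checked; the article gives no
            # timing for the delay between the query and the first click.
            gaps = [(b[0] - a[0]).total_seconds()
                    for a, b in zip(clicks, clicks[1:])]
            if all(abs(g - INTERVAL) <= TOLERANCE for g in gaps):
                bursts += 1
        if bursts:
            flagged[host] = bursts
    return flagged

if __name__ == "__main__":
    print(find_clicker_hosts(build_sample_log()))
```

A single burst can occur by coincidence; a host that repeats it across many queries is the stronger signal.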

According to Kaspersky Lab’s researchers, the average cost per click (CPC) in a campaign like this is 0.07 USD. The cost per thousand (CPM) comes to 2.2 USD. In an ideal scenario, a botnet consisting of 1000 infected computers clicking 10 website addresses from each search result, and performing 500 search requests with no overlaps in the search results, could mean the virus writer earns up to 350 USD from each infected computer.

To reduce the risk of infection, users are advised to:

  • Use robust security solutions and make sure they keep all software up to date.
  • Regularly run a system scan to check for possible infections.
  • Stay wise when purchasing ads. It is better to choose trusted partners than try to cut the costs and rely on unverified counterparties.
