A new malware framework has been discovered padding statistics on social sites and ad impressions, according to new research from Flashpoint.

Researchers explained that over the course of the past three months, the malware framework has been responsible for more than one billion fraudulent Google AdSense ad impressions.

The malware uses three separate stages of installation to deliver a malicious browser extension that performs fraudulent AdSense impressions and generates likes on YouTube videos. It also watches hidden Twitch streams.

The initial stage of the framework executes the installer, which either sets up a new browser or downloads a module that does so. “The installer sets itself up as a task related to Windows Update by creating an XML file on the local disk and executing it as a scheduled task (schtasks),” the July 18 blog post explained. It then checks to make sure the installer was successful.

The second component is the finder, “a module designed to steal browser logins and cookies, package them in .zip files, and send them to the attacker’s command-and-control infrastructure.” Finally, the patcher module sets up the browser extension.

The malware is generating revenue for its operators, who are using a botnet to attack the content and advertising platforms by spreading the malware and targeting browsers such as Google Chrome, Mozilla Firefox and Yandex’s browser, according to the research.

“Flashpoint researchers found code, for example, that looks for YouTube referrers and then injects a new script tag to load code for YouTube. In this case, the injected JavaScript has an extensive amount of code that is designed to like videos, most of which are related to political topics in Russia. Separately, researchers also found code that injects an iframe into the browser designed to play a hidden Twitch stream, padding the viewer stats for the streamer on that page,” researchers wrote.

How is your state of IT?

Call Us: (201) 493-1414

Related Articles

Microsoft is delaying ending support for older versions of Windows 10 due to Coronavirus
BYOD and Federal Wage Laws
Human Resources Issues You Never Considered with BYOD
Why choose psWorkplace for secure collaboration?
6 Phases to Guide Your Small Business Through COVID-19 Planning and Response
Benefits of letting your employees work from home
Increase in Business Productivity Phishing Scams
The cost of downtime for small business
Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution industry awards

Looking for a Break-Fix support? We recommend ValueMSP »ValueMSP - Tech Support for Small Business

Scroll to Top