news
November 21, 2019by Cybersixgill

Click Fraud for Sale on the Dark Web

The digital advertising market generated an estimated $283 billion in 2018.

But are advertisers really getting what they pay for? Evidence suggests not. Advertisers pay for a certain number of impressions -- that is, views of the ad. According to some estimates, roughly half of all impressions can’t be validated. In other words, there’s no proof that an actual human saw the ad.

Autoclickers and Ad Fraud

Dark web marketplaces are filled with apps and services designed to automate clicks on ads and links, mimicking the activity of real consumers while inflating traffic numbers. These automation tools, called autoclickers, are becoming increasingly sophisticated. Some have control panels for complex configuration, which give users the ability to develop modules and macros that evade detection by modeling authentic user behavior, automating clicking links on specific sites, or avoiding sites with fraud prevention tools like Captcha.

Ask anyone involved in ecommerce, and they are unlikely to be surprised. Ad fraud is a longstanding problem in the industry. We recently examined several dark web marketplaces to examine the current state of autoclickers.

Our first impression is that the market for these devices is quite robust. There are a significant number of users, and they tend to be very social. They share information about successes and failures. Simple tips like these lead to opportunistic copycat attacks.

Autoclicker users are also well-integrated into the underground marketplace, where hackers with minimal skills can pay more sophisticated actors for various services. Users can purchase autoclicking software and combine it with a rented botnet to inflate traffic numbers at a site or to click on ads paid for by a rival, depleting their resources.

Finally, we see the proliferation of schemes in which autoclickers are used to make money. In some cases, autoclickers are deployed in online games to reap rewards that can be sold. In others, autoclickers are used to generate direct revenue, such as in sites that pay users to click on links, or others that pay users to complete simple tasks.

Autoclickers: cost and benefits

Two autoclickers reviewed during a recent examination of dark web marketplaces illustrate the growing sophistication and low cost of these tools. The Bear Autoclicker generates traffic to a website. It employs several evasion techniques, including browser emulation (so the traffic appears to be originating from a browser). Sold for $175, it also provides a backend for users to monitor performance. Another bot designed to inflate traffic, the Diabolic Traffic Bot, can interact with content on sites, such as downloading items and viewing videos.

Autoclickers can be used to generate significant money. While individual clicks might generate fractions of a penny, harnessed through click farms (multiple devices at a single location) or through botnets, these scripts can generate hundreds of dollars per day for sophisticated users.

And yet, the sums involved raise serious questions about the cost and benefits of mitigation. While a single stolen credit card number, for example, can lead to thousands of dollars in losses, investment in fraud prevention by payment companies provides clear results and return on investment.

However, this is not the case when a fraudulent click is hard to detect and generates fractions of a penny. Fighting click fraud and autoclickers can lead to serious deterioration of the legitimate user experience.

This is why dark web surveillance is so important. The criminal underworld is filled with people who boast on anonymous forums and copycats seeking a quick buck. This openness can be useful. It’s up to advertisers, who have the most to lose to autoclickers, to stay ahead of the threat through monitoring.

To read the full report:

You may also like

Package SqzrFramework480 thumbnail

March 28, 2024

Suspicious NuGet Package SqzrFramework480: Unveiling the Threat Actor and Potential Impact

Read more
Man sitting at a desktop computer. The image is distorted and colorized.

March 27, 2024

State of the Underground 2024: Cybercriminal discourse is hiding in the shadows

Read more
PhantomBlu-Blog

March 21, 2024

PhantomBlu Cyberattackers: Backdooring Microsoft Office Users via OLE

Read more