Microsoft issued a warning in September 2022 advising the public of an ad fraud campaign that relied on a piece of malware that downloads and installs without a user’s knowledge. Though anyone can fall victim to the scam, the scammers seem to be targeting gamers.
It is not unusual for scammers to find vulnerable populations and target them for malware attacks. It is also not unusual for click fraud perpetrators to rely on malicious software to do their dirty work. Combine the two things and you have the perfect storm for using gamers to rip off advertisers without the gamers knowing they are being used.
How the Scam Works
The particular threat identified by Microsoft involves a threat actor known as DEV-0796, a known entity to security experts worldwide. It involves a malicious browser extension or a browser node-WebKit inadvertently downloaded from a website.
When the malware is attached to a browser extension, it is automatically activated along with the extension itself. When it involves a browser node-WebKit, the malware is attached to a file downloaded and opened by the victim. Here is where the gamers come in.
Scammers use disk image files that give them cross-platform access to both Microsoft and Apple systems. The software is designed to look like game cheats or other files gamers would want to enhance the gaming experience. The gamers are completely unaware of the fact that they are being used by scammers to perpetrate click fraud.
Once It’s up and Running
Once the malware is up and running, it does the scammers’ bidding by automatically finding and clicking on ads. Every click represents a charge to advertisers completely unaware that the clicks are fraudulent. They lose money while the scammers line their pockets.
What makes this type of scam so difficult to stop is how it is deployed. About the same time the Microsoft warning was issued, Kaspersky issued a report showing just how vulnerable gamers and gaming titles are to click fraud scams. Minecraft users alone were responsible for more than 23,200 malicious files distributed in the 12 months ending June 2022.
The Kaspersky report suggested that games and downloaders were the number one source of malicious software distribution during their year-long study period. They accounted for more than 88% of the malicious software cases observed during that time.
They Are Actually Getting Something
Gamers appear to be especially vulnerable because they are actually getting something they want or need when they download the software. Indeed, they are getting legitimate game cheats. They just don’t know that they are also getting malware along with it.
Game cheats are extremely popular for obvious reasons. Game designers program the cheats into their software as a promotional tool. As for gamers, they want the cheats to improve their performance. It is a match made in heaven for scammers.
Likely being avid gamers themselves, some of the scammers make discovering cheats a big part of what they do. They find the cheats, compile them in a disk image, and then offer them as free downloads to fellow gamers. But their cheats are packaged side-by-side with malware.
Gamers Play on Large Networks
Yet another reason gamers are popular targets is that they tend to play on large networks. Not only that, but gamers also go online for hours at a time. Every time a gamer starts playing, it is like opening up the floodgates of a large river with endless numbers of creeks, streams, and canals running from it.
A compromised computer can distribute thousands of files to others on the network. Meanwhile, the stealthy click fraud malware does its thing in the background. It searches for PPC ads, finds them, and clicks on them.
Click fraud protection software, like Fraud Blocker, doesn’t pick up on the activity so easily because it’s embedded within legitimate activity attached to the gamer himself. The gamer is just doing what he does when he is online. Malicious software is running in the background but still looks like normal user activity.
Software Can Still Help
Despite the difficulty of identifying this type of malicious behavior, Fraud Blocker says it is not impossible. The software can still help by tracking IP addresses and timestamps. A large number of clicks in quick succession is a red flag, especially if they come from the same IP address.
In addition to click fraud protection software, advertisers should also be doing their own manual analysis of ad data. The task can be left to a digital marketing firm if an advertiser outsources its PPC campaigns. One way or the other, though, human beings need to gather and analyze data alongside fraud prevention software.
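The burst check described above (many clicks in quick succession from the same IP address) can be run by hand over an exported click log. The following is an added example, not Fraud Blocker's code; the CSV layout, the sample rows and the threshold of more than 5 clicks in 10 seconds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (timestamp, source IP, ad ID); IPs are documentation ranges.
SAMPLE_CLICKS = """\
2022-09-20T14:00:00Z,198.51.100.23,ad-4
2022-09-20T14:00:01Z,203.0.113.7,ad-1
2022-09-20T14:00:02Z,203.0.113.7,ad-2
2022-09-20T14:00:02Z,203.0.113.7,ad-3
2022-09-20T14:00:04Z,203.0.113.7,ad-1
2022-09-20T14:00:03Z,203.0.113.7,ad-5
2022-09-20T14:00:05Z,203.0.113.7,ad-2
2022-09-20T14:00:06Z,203.0.113.7,ad-6
not-a-timestamp,203.0.113.7,ad-6
2022-09-20T14:03:10Z,198.51.100.23,ad-4
2022-09-20T14:09:45Z,198.51.100.23,ad-9
"""

def parse_clicks(text):
    """Yield (timestamp, ip, ad_id) tuples, skipping blank or malformed rows."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # unparseable timestamp: ignore the row rather than guess
        yield ts, parts[1], parts[2]

def find_click_bursts(clicks, max_clicks=5, window=timedelta(seconds=10)):
    """Return {ip: (peak clicks inside one window, time the threshold was first exceeded)}."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the sliding window
    flagged = {}
    for ts, ip, _ad in sorted(clicks):  # exports are not always in time order
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop clicks that have aged out of the window
            q.popleft()
        if len(q) > max_clicks:
            peak, first = flagged.get(ip, (0, ts))
            flagged[ip] = (max(peak, len(q)), first)
    return flagged

if __name__ == "__main__":
    for ip, (peak, first) in find_click_bursts(parse_clicks(SAMPLE_CLICKS)).items():
        print(f"{ip}: {peak} clicks within 10s, threshold first exceeded at {first}")
```

The address with three clicks spread over ten minutes is not flagged, which is the same blind spot the article describes: malware that clicks at a human pace will pass a pure rate check, so the result is a starting point for the manual review rather than a verdict.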
Gamers Can Help, Too
Gamers can help fight click fraud, too. Microsoft specifically recommends turning on PUA protection to prevent malicious and unwanted software from installing itself. They also suggest utilizing Defender to block access to malicious and suspected download sites. Similar steps can be taken to protect Mac and Linux computers. Owners of both types of systems can consult their respective support channels for instructions.
Regardless of the OS a gamer utilizes, antivirus software should be kept up to date at all times. Regular system scans should be completed as well. Like any other type of ad fraud scheme, scammers take advantage of victims who do not take the necessary precautions to protect themselves.
Don’t Be a Victim or an Accomplice
It is clear that click fraud scammers are happy to target gamers when they want to distribute malicious software among unsuspecting users. Gamers are vulnerable due to their large network participation and desire for certain types of files to enhance the gaming experience.
If you are an advertiser, do not be a victim. Implement ad fraud prevention best practices right away. If you’re a gamer, don’t be an accomplice. Use the tools provided by your OS to prevent malicious software from being installed on your computer. The only way to stop click fraud and other online scams is to proactively work against them. We all have a role to play.