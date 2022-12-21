Scammers used an adult website’s traffic to generate clicks on Google ad banners, earning them huge returns, experts have revealed.

Researchers at Malwarebytes, seeing the campaign for the first time, revealed how someone created an ad campaign on one of the major adult ad networks and used the “popunder” ad format.

It’s essentially a popup, but it goes below the active browser window. That way, the displayed ads can only be seen after the user closes or minimizes the browser.

“Clean” ads on adult sites

They then created a fake news website, scraping content from other content sites. The articles published on this website contain various tutorials, guides and the like. Because the site was “clean” (no adult content, gambling, or anything like that), the site was allowed to serve ads from the Google Ads network.

They then covered the site with an iframe containing content from the TXXX adult site.

In other words, when a visitor to an adult site closes their browser, they will see a pop-under advertising TXXX, which also seems legitimate given the context. However, should the visitor attempt to click on one of the videos, they will in fact click on the ad, generating profit for the fraudsters. At the end of the day, visitors to adult websites will click ads from the Google Ads network, which violates Google’s advertising policy of not containing adult content.

Even if they don’t click on the ad, the simple fact that it’s loaded generates revenue for the fraudsters as ad networks also pay for ad impressions. Therefore, the fake news site and the ads on it are refreshed every nine seconds.

Malwarebytes says popunders are quite cost efficient as the average cost per thousand impressions (CMP) can be as low as $0.05, and given that traffic on adult sites is huge, the threat actor behind the plan managed to a huge amount of winnings.

According to Malwarebytes estimates, the campaign, which has now ended, generated 76 million ad impressions per month, bringing profits to $276,000 per month at a CPM of $3.50.

The identity of the threat actor is unknown, but apparently they are Russian.

Through: Beeping computer (opens in new tab)