Generate Fraudulent Advertising Revenue

An adversary could seek to generate fraudulent advertising revenue from mobile devices, for example by triggering automatic clicks of advertising links without user involvement.

ID: T1472
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platforms: Android, iOS
Version: 1.0
Created: 25 October 2017
Last Modified: 03 July 2019
Provided by LAYER 8

Procedure Examples

ID Name Description
S0440 Agent Smith

Agent Smith shows fraudulent ads to generate revenue.[1]

S0525 Android/AdDisplay.Ashas

Android/AdDisplay.Ashas can generate revenue by automatically displaying ads.[2]

S0290 Gooligan

Gooligan can install adware to generate revenue.[3]

S0322 HummingBad

In July 2016, HummingBad generated more than $300,000 per month in revenue from installing fraudulent apps and displaying malicious advertisements.[4]

S0321 HummingWhale

HummingWhale generates revenue by displaying fraudulent ads and automatically installing apps. When victims try to close the ads, HummingWhale runs in a virtual machine, creating a fake ID that allows the perpetrators to generate revenue.[5]

S0325 Judy

Judy uses infected devices to generate fraudulent clicks on advertisements to generate revenue.[6]

S0419 SimBad

SimBad generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.[7]


TERRACOTTA has generated non-human advertising impressions.[8]

S0424 Triada

Triada can redirect ad banner URLs on websites visited by the user to specific ad URLs.[9][10]

S0494 Zen

Zen can simulate user clicks on ads.[11]


ID Mitigation Description
M1005 Application Vetting