Experts have revealed that scammers used traffic from an adult site to generate clicks on Google Ads banners, earning huge profits.
Malwarebytes researchers who first spotted the campaign revealed how someone created an ad campaign on one of the major adult ad networks and used the “popunder” ad format.
It’s basically a popup, but it’s underneath the active browser window. In this way, displayed ads can only be seen after the user closes or minimizes the browser.
“Clean” ads on adult sites
They then created a fake news site whose content is taken from other content sites. The articles published on this site include various tutorials, guides and the like. Being “clean” (no adult content, gambling, etc.), the site was able to serve ads from the Google Ads network.
They then overlaid an iframe on the site depicting the adult content of the TXXX site.
In other words, when a visitor to an adult site closes their browser, they will see a popunder advertising TXXX, which also seems reasonable given the context. However, if the visitor tries to click on any of the videos, they will actually click on the ad and thus generate profit for the scammers. At the end of the day, visitors to adult sites will click on ads from the Google Ads network, which goes against Google’s advertising policy of not containing any adult content.
Even if they don’t click on the ad, the mere fact that it loads generates revenue for scammers as ad networks also pay for ad impressions. Therefore, the fake news page and the ads on it are refreshed every nine seconds.
Malwarebytes claims that popunders are quite profitable as the average cost per thousand impressions (CMP) can drop as low as $0.05, and given that the traffic to adult sites is huge, the cybercriminal behind this scheme managed to generate a huge amount of profits.
Malwarebytes estimates that the campaign, which has just been completed, has generated 76 million ad impressions per month, which, with a CPM of $3.50, brings in revenues of up to $276,000 per month.
The identity of the cybercriminal is unknown, but they are apparently Russian.
By: Beeping Computer (opens in a new tab)