Barely a week passes without news of another malware app being discovered. Usually found in the Google Play app store, you’ve probably heard how these malware apps download malicious code that allows them to carry out sneaky practices without users realising.
But what are these malware apps for, and how do they really affect marketers? You might already be aware that they’re looking to steal money, but how does it work?
What are malware apps?
As mentioned, malware is usually found on apps downloaded from the Google Play store. However, malware can also be found in browser extensions and software downloads. Although the term ‘virus’ is often banded around, malware tends to be less self proliferating than software viruses and is usually added to the software via ‘side loading’. This is normally when an update or software patch is sent to a seemingly innocent app, adding in a malware element.
Typical examples of software that have been infected with malware include anything from games to utilities apps such as calculators, to VPNs or video codecs.
What are malware apps for?
Once on your device, malware will normally carry out some kind of fraud. Typically, this click fraud is used to hijack your device to interact with paid ads in the background, without your knowledge, or to steal data.
This malware can self proliferate, or it can simply be used as part of a network of devices (similar to a botnet). Once it’s on a device, it can be tricky to spot malware, although the giveaway is usually a slow running or overheating device.
Click fraud is a process whereby sneaky webmasters steal the ad budget of marketers by clicking on paid ads. This is normally done through spoofed websites. These websites are designed for the purpose of hosting display ads which then have fake traffic routed through them. You, the marketer, then pay for all those clicks and impressions, but see no extra conversions.
As mentioned, around a quarter of all clicks on paid ads are from fraudulent sources, often from malware. When added up over 2019, it’s estimated that click fraud cost marketers worldwide over $20 billion. And worse still, it’s still growing and forecast to hit over $30 billion in just a few years.
Why isn’t this practice being shut down?
Despite some high profile cases of sneaky app developers being shut down by Facebook and Microsoft, there is always another loophole to let the fraudsters in. Google, Facebook and all the ad networks do in fact work to close down fraud, but for them it’s kind of a win-win. Even those fraudulent clicks make them money, so it’s not totally in their interest to kill off click fraud.
The authorities worldwide do often shut down major click farm operations, including one in Thailand in 2017. With malware, it’s harder to locate a physical location and the perpetrators can be very hard to locate. And the malware app developers can make a lot of money from a successful campaign, so creating a new piece of malware code has a lot of appeal.
Two of the biggest ever are the infamous Methbot and 3ve botnet operations, which are thought to have made more than $37 million over the span of four years. By infecting millions of devices with malware, they were able to collect the payout on video ad views, with the initial Methbot software paying for the development of the more advanced 3ve. These sophisticated operations are the beginnings of the current crop of malware, showing just how profitable malware can be.
Protecting your PPC ads from malware and click fraud
If you run any kind of pay per click, or pay for impressions campaign, from Google Ads to Facebook or Taboola, you’re very likely impacted to some degree by this kind of fraud. And when you consider the cost per click of some campaigns, you’ll want to be sure you’re not paying fraudsters for one in four of your clicks
Another giveaway is repeat visits from the same IP address or lots of visits from locations where you’re not necessarily targeting .
The easiest way to protect yourself from these malware bots is to use anti-click fraud software, especially if you’re running high value pay per click campaigns. The industry leader, ClickCease, offers a free trial so you can see for yourself if your Bing or Google Ads are being clicked on by bots. Anti-click fraud software is usually simple to set up and is easily customisable to block competitor clicks, bots and click farms.
Those malware apps keep coming! So stay aware and make sure you don’t contribute to the growing click fraud industry.