Magala Trojan Clicking on Search Result Ads for Money

Kaspersky Lab Researcher, Sergey Yunakovsky had discovered a new click-fraud Trojan namely “Magala” which is infecting the Windows based PC in a very unique way. It is using virtual desktops to click on search-result ads in order to gain financial benefits. This Trojan is especially targeting IE 9 or above.

How Dows Magala Functions?

The aim of Magala Trojan is to run search-engine queries and click on ads. This happens by initializing a virtual desktop and then installs “Maps Galaxy”. This toolbar changes the IE homepage to MyWay/hp.myway.com which is a search-engine that uses custom Google search result. Magala communicates with a “Command and Control” server for downloading the list of keywords. These words are used to run a search queries on MyWay website which is now your homepage of IE. In the search result page, it clicks on the first ten search results and many of them are promoted ads. Magala uses a native Windows IHTMLDocuments2 interface for accessing the webpages.

Profits Made by Magala

Every time when the infected host clicks on the promoted ads, some amount of penny is added in its developer account. The cost-per-click on this scam is probably 0.07 USD. As Yunakovasky says, the cost per thousand (CPM) is about 2.2 USD. The amount of profit made by Magala for its developers could be huge and it is directly dependent on number of infected computers, performed search queries and results, and number of clicked websites in the search-result overall.

Who is Magala Author?

Well, according to Bleeping computer researches, Magala Trojan was first active in Janauary this year and it probably circulated through freeware bundlers. The creator of MapsGalaxy Toolbar was too contacted that time in order to alert them regarding this Trojan.  The infections like Magala is not a direct threat for the users but such Botnet definitely cheats the companies which pays huge amount to Online advertising firm for advertisements.