What Is Adware Round Tripping ?

Information technology has taken over almost every aspect of our lives and will continue to grow its span with time. But like everything else, it has its pros and cons. While it makes our lives easier and faster, it also brings the threat of vulnerability to our personal information. As we are more exposed to the outside world with everything coming online, the threat actors skip no chance to take advantage of this vulnerability and thus make it imperative for organizations to focus on ways to be more vigilant and keep track of frauds and traps.

Brands rely upon reaching the end-users by marketing their product and services in today's competitive world. They use different marketing tactics to ensure their visibility to the consumers, and one of the most popular ways is affiliate marketing. 

What is Affiliate Marketing?

A recent study shows that 81% of brands rely on affiliate marketing to get more user traffic for their online business. This number is only to grow in the coming years. 

Affiliate marketing is performance-based marketing in which brands reward the affiliates for each buyer bought by the affiliate's efforts. The brands here are referred to as Advertisers and the affiliates as Publishers. 

There are three main types of affiliate marketing:

1. Unattached Affiliate Marketing

Unattached Affiliate Marketing is the primary pay-per-click affiliate marketing campaign where affiliates have no presence in the niche of the product they promote. There is no link between the publisher and the end user. The publishers use mediums like Google AdWords, Facebook ads, and more to get users for the advertiser's website. It is an uninvolved form of affiliate marketing, and the only aim is to generate income. 

2. Related Affiliate Marketing

Related Affiliate Marketing is a type of affiliate marketing where the publishers have some connection with the products they promote. The publishers have the influence and knowledge to generate traffic for the products or services of the advertiser. They can use mediums like their website, blogs, and social media profiles to generate user traffic. The publishers here may or may not be using the services and products they promote. 

3. Involved Affiliate Marketing

The publishers serve as trusted promoters of the advertiser's products or services as they have used them. In this type of affiliate marketing, publishers have a deeper connection with the products they promote. The promotion is not done through banners, ads, or other mediums but is recommended within their content.

In affiliate marketing, publishers earn a commission for driving user traffic for the advertisers. As lucrative as it sounds, affiliate marketing also threatens the brand's reputation and advertising budget, and publishers often adopt illegitimate ways to earn commissions. Affiliate traps have been a concern for the brands, and in this article, we will be talking about one of the standard affiliate traps – Adware Round Tripping.

Malicious publishers use multiple ways to deceive advertisers and swindle their marketing budget. Advertisers use cookies to track affiliates and pay them accordingly. Adware serves as a medium to inject affiliate cookies into the user system and earn a commission for the sales happening from the user system.

What is Malware?

Malware is malicious software intentionally designed to cause damage to a computer or a computer network. Cybercriminals typically use it to extract data that they can leverage over victims for financial gain.

Malware can spread via different sources like fake software installations, malvertising, infected applications, email attachments, infected USB devices, and phishing emails. It gets into a user system when a user either downloads an infected software on the computer machine or visits an infected website. 

Affiliates can compromise the user data for various purposes:

• Tricking users' data for identity theft
• Stealing users' financial data
• Accessing control of computer networks to launch denial-of-service attacks against other networks
• Spreading Adware to steal advertisers' marketing budgets, and the list continues.

There are multiple types of malware used by cybercriminals, and one of them is Adware. As per a study by AV-TEST Institute, the total number of malware attacks has increased manifold in the last ten years. A brief is in the image below:

 

What is Adware?

Adware refers to a type of malware that displays unwanted advertisements on your computer or device. Adware has the potential to become malicious and harm your device by slowing it down, hijacking your browser, and installing viruses or spyware.

Adware is a category of software application used by threat actors to display advertisements on the user system or change the search result in the user browser to earn money for their creators from the user clicks. Affiliates often use Adware to inject affiliate cookies into the user system and monetize all sales from the infected user browser. 

Adware tends to make significant changes in the user system/browser. The most common signs to know that Adware compromises a computer system are:

• A decline in system performance
• Redirecting to sites the user didn't intend to visit, without the user 
• Random infection warnings on a computer screen
• A problem in shutting down or starting up your computer
• Frequent pop-up ads

The Adware usually gets installed on any user system bundled up with legitimate applications and injects affiliate cookies through pop-up ads, auto redirection, push ad notification, or click-jacking. 

Adware programs can change the browser's home page and the default search engine, inject affiliate cookies into search pages, inject rogue advertisements into legitimate websites, or trigger persistent pop-up windows in the browser. Their creators' goal is to earn affiliate commissions fraudulently by abusing pay-per-click or pay-per-view advertising schemes.

What is Adware Round Tripping?

Adware gets installed on a user system bundled up with web browser extensions, windows apps, or mac applications. Malicious Adware changes browser behavior collects user information and injects affiliate cookies into the user's browser. 

Adware Round Tripping is a technique of deceiving advertisers by stealing their genuine buyers. Affiliates use Adware to navigate users from the advertiser's website to their website and then direct them back to the advertiser's website, injecting affiliate cookies to monetize the sales. 

Let's look at a few scenarios:

Scenario 1 - Auto-Redirect

Affiliates bundle up Adware with legitimate software applications or browser extensions. Once the user downloads infected software or application, the Adware also gets downloaded without the user's consent. Malicious Adware controls the user system and browsing activities. When the user visits the advertiser's website, the Adware auto-redirects the user to the Publisher's website. Publishers then display product listings of the advertiser on their website. As the user clicks on any listings, they get directed to the advertiser's website. An affiliation cookie is activated in the user's browser. When the user makes a purchase, the affiliate earns a commission.

This process of navigating the user between advertiser and publisher websites without consent is round-tripping. As malicious Adware change browser settings and redirect the users, it is referred to as Adware Round Tripping.

Scenario 2 - Pop-Up Ads

Adware round-tripping by pop-up ads is a promotion method that has recently become popular amongst cybercriminals. When the user has installed potentially malicious Adware bundled up with legitimate software or application, attackers control the user's web browser. They then show unwanted pop-up notifications on the user's screen, mainly on the top right, bottom right, or center of the web page.

When the user visits the advertiser's website, the Adware starts displaying pop-up ads on the user's browser. Upon clicking on pop-up advertisements, the user gets redirected to the publisher's website, where the advertisers' deals are displayed. Once the user clicks on one of the deals or coupons, he gets redirected to the advertiser's website again, and an affiliation link gets injected into the user's browser. 

Scenario 3 - ClickJacking

Affiliates distribute Adware bundled up with legitimate software, applications, web extensions, and other downloadable tools. This Adware can then hijack the clickable elements on any website. 

 When a user visits an advertiser's website and clicks on a tab, he gets redirected to the publisher's website. The publisher's website displays deals on the products listed on the advertiser's website. The users again get redirected to the advertiser's website if he clicks on any product listing on the publisher's website. The affiliates drop a cookie at the backend and get paid for sales from the user browser. 

How do affiliates benefit from Adware Round Tripping?

The malicious affiliates may have various reasons for practicing adware round-tripping; the major ones are below:

•  Monetizing through affiliate marketing

Affiliates get paid for the completed transactions by promoting the advertiser's products on their websites and other social media platforms. The malicious affiliates use adware round-tripping as a medium to inject affiliate cookies to earn a commission without getting legitimate users for the advertisers. They pose a threat to the advertiser's brand reputation and marketing budget.

• Collecting User Data

Another use of adware round-tripping is to collect the users' data by storing their information like email address, contact details, browsing history, shopping preferences, and more in the cookies injected via Adware round-tripping. Affiliates collect user information and use it for purposes other than specified resulting in a breach of user data policy and poor customer experience.

• Tracking browser history 

Cookies track and monitor the user's browser history to provide a personalized experience to the end users. At the same time, this information is sensitive and private and requires approval from the user, affiliates record and use it without consent from the users. Such acts result in losing the trust f the users in the brand and directly hampers the brand's reputation.

What is the impact of Adware Round-Tripping?

Whether a user gets redirected without knowledge or clicks on a pop-up ad and redirects to the publisher's website, the user experience has affected either way. As the advertisers attribute a sale to the recent affiliate, fraudsters often get paid if the user makes a purchase.

•  Legitimate Affiliates Lose Commission:

Such acts affect the legitimate affiliates' earning capacity as the traffic they get to the advertiser's website is tracked by the cookie already stuffed in the user's system. And, the advertiser ends up paying Illegitimate affiliates.

• Brands Lose Their Advertising Budget:

Advertisers pay commissions to their affiliates for driving traffic to their websites and contributing to increasing their sales. Cookie stuffing helps the fraudsters monetize the sale from the traffic generated by legitimate affiliates. Advertisers end up paying the dupers which hurts their advertising budgets.

• Brand reputation is compromised:

In case of any affiliate traps, advertisers are at the losing end as they lose their advertising budget and the brand's reputation. When the users face issues while surfing on their websites and if the user's system gets infected because of malicious Adware, they leave with a poor user experience and tend to lose interest in the brand.

How to defend from malicious affiliates?

Virus Positive Technologies (VPT) is pioneering the market of Affiliate Fraud Management & Brand Protection. VPT's disruptive methodology identifies non-compliant behaviors that hurt conversion rates and damage the brand's reputation. A few are listed below:

• Pop-up ads
• Brand-bidding (the use of brand name keywords that are prohibited)
• Incentives (any incentive practices, such as offering cash for clicking)
• Aggressive & Misleading creatives
• Malvertising (injecting malicious ads or links into legitimate ads)
• Unauthorized Creatives (the visuals or links for custom ads)
• Pre-landers & fake browser alerts
• Google Display Network (any promotional activity on the GDN platform)
• Spamming and Bundling
• Forced redirects (clicks injected into consumer web sessions that divert customers to competitor offerings)

VPT offers a range of Brand Compliance Monitoring tools based on customized customer requirements and Affiliate Management Services to track and monitor the activities of the publishers in the advertiser's affiliate network.

Our digitized services protect your brand reputation and give your customer an undisrupted experience. Visit our website www.viruspositive.com or write to us at sales@viruspositive.com.