Plenty of cyber security researcher had discovered a new click-fraud Trojan ie "Magala" which is infecting Windows based PC in a unique way. This is using virtual desktops to click on search results ads in order to gain financial benefits. This Trojan is specifically targeting IE9 or above.
How do the Magala functions?
The purpose of Magala Trojan is to modify the search engine queries to click on ads automatically. This happens when a user initializes a virtual desktop, and then install "Galaxy Maps". This toolbar changes the IE homepage to URMyWay/HP.myway.com which is a search engine that uses Google's custom search result. Then, Magala Trojan communicates with a "Command and Control" server to download the list of keywords. These words are used to perform search queries on the site's path that is now your IE home page. On the search result page, it clicks on the first ten search results and many of them are promoted as ads. Magala uses a native Windows IHTMLDocument2 interface to access web pages.
Profits made by Magala
Every time the infected host clicks on promoted ads, a Penny amount is added to the developer account. The cost per click on this scam is probably 0.07 USD. As security researcher says, the cost per thousand (CPM) is about 2.2 USD. The amount of profit made by Magala for its developers can be huge and is directly dependent on the number of infected computers, performed search queries and results, and a number of sites clicked on search-result overall. Therefore, in order to be safe from such nasty malware one should have an anti-malware tool on their PC.
Who is Magala author?
Well, according to the cyber security researcher, Magala Trojan was the first active in January 2017 and probably circulated through freeware packages. The creator of MapsGalaxy Toolbar was very contacted that time, in order to alert them about this Trojan. Infections like Magala is not a direct threat to users, but such a botnet definitely cheats companies that pay huge sums to the online advertising company for ads.