What is Click Injection?

A sophisticated form of click spamming, click injection is a commonly used mobile ad fraud method that steals organic and good traffic from other sources. Click Injection will use an app located on the user's device which informs the fraudsters when new app are installed on the device, triggering a click before installation is completed, enabling fraudsters to take credit for the install.

Click Injection exploits the existing drawbacks of last click attribution model, and injects click before the lead is submitted or an install is completed.

 

How does Click Injection work?

​

Click injection is a type of ad fraud technique that aims to win the last-click attribution in CPI campaigns affecting millions of devices. Fraudsters inject a click when an app is downloaded by a user on their device just before the install is completed. Publishers are usually charged a fixed fee when an app is installed, but when click injection is performed, fraudsters receive the financial credit for the app install. Fraudsters also utilise bots or bot networks to click on multiple ads at the same time.

​

1. User clicks on the ad to download an app.

2. The malicious app on user's device features code that allows it to monitor user’s device for all new installs.

3. Malicious publisher’s app detects that user is downloading an app.

4. Malicious publisher injects fake click event.

5. User opens the app for the first time.

6. Advertiser attributes credit to malicious publisher, even though they provided no value in driving the install, and pays them a percentage of revenue.