PerimeterX researchers have discovered a widespread affiliate marketing fraud attack. A centrally controlled bot net is targeting thousands of web sites infecting millions of users. The attack uses malicious browser extensions to collect un-earned affiliate and referral fees against all of an affected user’s browsing and buying activity. Some of those extensions have a 1/2 millions installs each. Researchers found sites paying thousands of dollars to fictitious affiliates due to this attack.
This specific browser extension performs targeted affiliate fraud by falsely associating all of the user’s activities and eventual purchases on a website to an affiliate that never actually referred the user. These malicious browser extensions appear legitimate at first glance. They are highly rated in their browser’s “extension stores” and in many cases perform real functions (either by duplicating some legitimate extension or by actually providing such a capability).
Running quietly in the background, this extension watches every site with which the user interacts, checks a database of thousands of sites to see if the currently viewed site is being targeted, and then applies a method of fraudulently associating a referral ID to the user’s session that is accepted by the site. In this way, money is drained from the affiliate program budget for each of the targeted websites, and the analytics of the effectiveness of the marketing spend are skewed, losing track of the actual contributors.
Please find the full details at: https://blog.perimeterx.com/hijacking-users-affiliate-fraud/