14 DAY TRIAL // Security firm Trend Micro has issued an alert for a persistent file infector that has been seen infecting the computers of users from several countries, Australia in particular. It’s called PE_XPAJ and one of its payloads is click fraud.
Once it lands on a computer, the malware connects to one of its many command and control servers. Then, it downloads its main file, which it places in the Windows folder.
Not only .exe, .scr, .dll and .sys files are infected, but also the Master Boot Record (MBR), to ensure that the malware can step into play each time the device is started.
The click fraud payload analyzed by the researchers allows cybercriminals to redirect users to ad-clicking scams that help them make a hefty profit.
Australia is not the only country affected by PE_XPAJ. Trend Micro’s Smart Protection Network has identified the threat in India, Japan, Italy and the United States as well.