Google AdSence MitM Botnet Scheme Infected One Million Computers!

The so-called “redirector.paco botnet” works by replacing Google AdSense for search results and steals advertising revenue.


A hacking group of cyber criminals has infected about 1 Million computers around the world with a malicious script that hijacks user’s search results pages through a local proxy. This was revealed by security researchers from Romania. The massive click-fraud botnet was named Million-Machine Campaign or MitM.

For those of you who are not aware what botnet is – this is a network of computers infected with malware. Not just a malware, but a piece of malicious script that is specially designed to take over the entire infected system, and all this, without the user’s knowledge. These botnets are usually being used for launching denial-of-service (DDoS) attacks against websites.

monitor-1308951_1280

The malicious script behind this massive botnet attack is known as Redirector.Paco Trojan. It alone has infected more than 900,000 computers all around the world in the past two years. According to the security researchers, since it first appeared back in September 2014, “redirector.paco botnet” has infected computers all across the world, mostly in India, Malaysia, Greece, and USA as well as Italy, Pakistan, Brazil, and Algeria.

The so-called “redirector.paco botnet” works by replacing Google AdSense for search results with its own application, this way stealing advertising revenue from infected machines. The aim of the cyber criminals, of course, is to earn money from AdSence.

Google AdSence normally operates by placing relevant ads on Custom Search Engine’s search results pages, and then shares some of the revenue with AdSence partners. It looks like this hacking group has found a way to make a botnet scheme taking advantage of this revenue sharing, which works only for them.

Redirector.Paco infects users through a Trojan which hides in infected software packages. This happens when users download and install compromised versions of popular software programs like YouTube Downloader, pirate WinRAR, KMSPico, Stardock Start or Connectify.

Experts reveal that the Paco malicious script serves as a man-in-the-middle attack. It uses a root certificate in order to discard the certificates for the famous search engines of Google, Yahoo, and Bing, which are accepted by the infected computer’s browser.

In order to stay away from these kinds of cyber threats, follow the basic online security measures. Our “How to remove” team would advise you to keep your system and antivirus software updated. It is a good idea to always pay attention to warning signs and symptoms that may reveal if something is not right with your PC. And don’t forget to check the news regularly.

Was this guide helpful?