Screen capture of pay per install
The above is an actual screen shot taken from a website that offers pay-per-install programs.
The way it works is the hackers, or cyber criminals, sign-up for a program that pays them to install programs. As you'll see, some of these pay per install programs will pay up to $2 per installation
In today's world, $2 may not seem like much, however, when you realize that many hackers can have 1 million or more computers under "their control", that $2 now seems like a lot of money.
First, the cyber criminal will obtain a software program called a "packer". Virus Bulletin describes this well:
Packers are wrappers put around pieces of software to compress and/or encrypt their contents. They can be used by legitimate software to minimise download times and storage space or to protect copyrighted coding, but are commonly used in malware to disguise the contents of malicious files from malware scanners. Runtime packers essentially unpack (i.e. decrypt or decompress) executable files as they run - the first stage is the unwrapping process, and the unpacked file is then loaded into memory and run. A file can be packed numerous times with slight changes to the packing method, or with small and insignificant changes to the file inside, thus producing a final file which appears different from another identical file packed differently. A great deal of malware is regularly repacked in this way to try to beat detection, a technique known as server-side polymorphism. Anti-malware software can get around this by unpacking some packers as part of the scanning process; some software even alerts on any file packed with certain types of packer which are commonly used in malware but rare in legitimate software.
How do they make money from this?
Getting an unknown packer is critical. Anti-virus (AV) companies know that hackers use these packers to hide their malicious files. The AV companies invest resources in obtaining these packers so they can detect them.
Hackers use packers to hide their malicious code with some program you want - or think you want.
They may combine their malicious code with a screen saver of cute little puppies, or kittens. They make it "easy" for you to use this screensaver by "packing" it with a self-installing program. This combination is also "packed" with the software from a pay-per-install program.
Now they release this and promote it to the world. The hackers, or cyber criminals, also have their "network" of robotically (called botnets) controlled computers around the world.
They have such control of these computers they can "push" an installation of whatever they want to these computers in their botnets. Each one pays them from .50 to $2 per installation.
Why not close the companies that offer pay-per-install?
It's not that easy. Many of these companies offer legitimate pay-per-install programs.
Many of them will cancel an account if they have proof of any misuse of their service. However, there are so many of these companies in the world that hackers can easily move from one to another.
These pay-per-install companies make it extremely easy too. Here is a screen shot from one such site:
If you have any questions about the use of pay-per-install programs by cyber criminals, please feel free to send us an email via our contact page