In operation 3ve, US Justice Department and Google announced they had shut down a massive click fraud operation.  It used Kovter malware infections on 1.7M devices to serpetitiously hide and participate in the campaign. 

https://www.pcmag.com/news/365155/hackers-made-millions-using-infected-pcs-in-click-fraud-sche

On Tuesday, the US Justice Department and Google announced they had shut down a massive click fraud operation, which involved infecting thousands of Windows computers to click on internet ads. A massive cybercriminal operation that infected more than 1.7 million computers to generate clicks on internet ads has been taken offline.

Dubbed “3ve” (pronounced Eve), the click fraud involved cybercriminals taking over Windows PCs, and secretly automating them to visit certain websites to generate the fake clicks over online ads. The operation was so large that 3ve was able to produce between 3 billion to 12 billion ad clicks per day.

To infect PCs, the hackers used a malware strain, called Kovter, which can run a hidden browser over a computer without the user ever aware. Kovter was spread via spam email attachments and compromised websites, which tricked victims into downloading fake Chrome, Firefox and Flash updates. An estimated 700,000 Windows computers were actively infected at any given time by the malware