[jjjensen90]

Seems to me that it is indeed running a hidden browser on a background thread, loading ads, and simulating views/clicks. That is in addition to collecting and sending user and system information (possibly also for ad-serving or information sales or some other nefarious skulduggery).

[nerdponx]

I wonder if this was actually an attempt to scam the advertisers into thinking they were receiving genuine add traffic, in order to get affiliate revenue. Using actual customer data might have prevented the advertisers from getting suspicious.

[0xfeba]

By and large, that's exactly what it was doing, getting ad revenue. The second part also sounds plausible, but it would need to use this as the user agent during the actual clicks.

[lsaferite]

A simple thing would be to trigger a visit to a site using a JS coin miner if it's running JS in the hidden browser.

[slig]

It would be more efficient and simple to just run a miner in Java.

[lvoudour]

I'm surprised he wasn't mining bitcoins on the side :)