That should be relatively easy to detect, since the actors must have an account with Google, through which they receive payments for ad clicks. Google would just have to find a copy of the malware, and see which accounts the clicks are targeted at.
What I’m talking about would be impossible to detect, since it just amounts to regular users clicking regular ads. But it would also be more challenging to profit from, so it would amount to sabotage more than a profit scheme, unless somehow coupled with short-selling Google stock (a bit more far-fetched, admittedly).
Click fraud has been one of the ways to profit from a botnet of virus-infected computers for years.