Jump to content

Search the Community

Showing results for tags 'adware'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 8 results

  1. When you think of malware, it's understandable if your mind first goes to elite hackers launching sophisticated dragnets. But unless you're being targeted by a nation-state or advanced crime syndicate, you're unlikely to encounter these ultra-technical threats yourself. Run-of-the-mill profit-generating malware, on the other hand, is rampant. And the type you're most likely to encounter is adware. In your daily life you probably don't think much about adware, software that illicitly sneaks ads into your apps and browsers as a way of generating bogus revenue. Remember pop-up ads? It's like that, but with special software running on your device, instead of rogue web scripts, throwing up the ads. Advertisers often pay out based on impressions, or the number of people who load their ads. So scammers have realized that the more ads they can foist upon you, the more money they pocket. Ad It Up Your smartphone offers attackers the perfect environment to unleash ad malware. Attackers can distribute apps tainted with adware through third-party app stores for Android and even sneak adware-laced apps into the Google Play Store or Apple's App Store. They can reach millions of devices quickly, lurking on your phone, say, while their servers spew ads that run in the background of your device or right on the screen. It doesn't require elaborate hacking techniques. It isn't trying to steal your money. At worst, it makes your device a little slower or forces you to close out some unexpected ads. Adware could be on your phone right now. "With adware—which is in my opinion one of the boldest types of malware on the mobile front—we can see that the actors are basically following the money," says Aviran Hazum, analysis and response team leader at security firm Check Point. "A lot of victims will pay a ransomware ransom, or attackers can gain access to a bank account, but the probability of that is relatively low compared to the amount of money they can generate by displaying ads. More audience, more adware, more revenue." Strains of adware regularly infect tens of millions or even hundreds of millions of devices at a time. Even though adware detections have declined year over year, security firm Malwarebytes still ranked it as the most prevalent type of consumer malware in 2018. Check Point published findings on one example last week, dubbed Agent Smith, which infected more than 25 million Android devices around the world. Fifteen million of those are in India, but Check Point also found more than 300,000 infections in the US. Check Point sees signs that attackers started developing Agent Smith adware in 2016 and have been refining it ever since. Distributed largely through the third-party Android app store 9Apps, the adware was originally a more clunky, obvious type of malware that masqueraded as legitimate apps but asked for a suspicious number of device permissions to run and displayed a lot of intrusive ads. In spring 2018, though, Agent Smith evolved. Attackers added other malware components so that once the adware was installed, it would search through the device's third-party apps and replace as many as possible with malicious decoys. The initial malware would be in apps like shoddy games, photo services, or sex-related apps. But once installed, it would masquerade as a Google update utility—like a fake app called Google Updater—or apps that pretended to sell Google products, to have a better chance of hiding in plain sight. Agent Smith also infiltrated the Google Play Store during 2018, hidden in 11 apps that contained a software development kit related to the campaign. Some of these apps had about 10 million downloads in total, but the Agent Smith functionality was dormant and may have represented a planned next step for the actors. Google has removed these tainted apps. Check Point's Hazum points out that the actors behind Agent Smith also overhauled its infrastructure in 2018 and moved its command and control framework to Amazon Web Services. This way, the attackers could expand features like logging and more easily monitor analytics like download stats. Campaigns like adware and cryptojacker distribution can often function on legitimate infrastructure platforms like AWS, because it's difficult to distinguish their malicious activity from legitimate operations. In other recent adware campaigns, researchers have found innovations like malware that takes advantage of smartphone display and accessibility settings to overlay invisible ads that give them credit with ad networks without users even seeing anything. "You’re starting to see actors realizing that just regular adware won’t do these days," Check Point's Hazum says. "If you want the big money you need to invest in infrastructure and research and development." It's an Ad, Ad, Ad, Ad World Agent Smith is just one wave, though, in a sea of massive adware campaigns that impact hundreds of millions of users combined. For example, in late 2017, adware known as Fireball infected more than 250 million PCs. Imposter Fortnite apps started spreading adware on Android during the summer of 2018. And in April researchers found 50 adware-ridden apps in Google Play that had been down­loaded more than 30 million times. Almost any popular app spawns adware clones almost immediately—even FaceApp. Though adware isn't necessarily an immediate threat to users, even when it's on their devices, it opens the door for attackers to add other malicious functionality in the future that could endanger users' data or accounts. And adware can also come bundled with other types of malware, portending worse attacks to come. “Specific to adware, a lot of the risk to the user comes in applications that download extra stuff or redirect users to other websites,” says Ronnie Tokazowski, a senior threat researcher at email security firm Agari. “Many forms of adware are sold through a pay-to-install model, so the more things that get installed on an end user’s phone or PC, the more the actor gets.” To avoid downloading adware in the first place, use official app stores to download software, stick to prominent, mainstream apps as much as possible, and always double-check that you're actually downloading, say, the real Twitter app and not Twltter. To eliminate adware that could already be on your device, go through your apps and delete anything you don't use anymore, or any apps that are particularly glitchy or ad-ridden, such as random games or utilities like flashlight apps. And if you want an outside opinion, you can download reputable adware scanners from antivirus companies like Bitdefender, Malwarebytes, or Avast. Most offer a free trial. But be careful to download the real deal—adware and other malware loves to hide in apps that pretend to be adware scanners. Adware isn't the powerful and deeply invasive malware that nation-state hackers specially craft for tailored reconnais­sance or intimidation. But it's the malware most likely to show up on your phone, which makes it the type that's most important to look out for. Source
  2. The heavily obfuscated adware was found in 238 different apps on Google Play. Consumers and enterprise customers expect the apps they download from Google Play, Apple's App Store, and other officially sanctioned app repositories to be secure and have at least minimal respect for privacy. But security researchers at Lookout found 238 applications in Google Play that hid BeiTaAd, a well-obfuscated ad plugin that could display ads on the device's lock screen, trigger video and audio advertisements even while the phone is asleep, and display ads outside the app that interfered with the user experience in other applications. Kristina Balaam, security intelligence engineer at Lookout and author of the blog post on the research, says that the company's research into the apps began with a phone call. "We [Lookout] got a support call from an enterprise user who noticed strange pop-up ads on their devices," Balaam says. "The support person contacted the research team, we started digging through the apps, and realized that there were other samples." What they found was a collection of 238 apps from a single publisher, all of which contained adware that someone had gone to great lengths to hide. The publisher, CooTek, is known for legitimate Android apps and is listed on the NYSE. And the simple presence of adware in free apps isn't unprecedented: Many publishers use in-app advertising as a way to profit from free apps. The difference in this case, Balaam says, is that "as official stores start to lock down the ads that can be shown, the publishers have to become more creative in how they hide adware." In the case of the CooTek apps, someone used very sophisticated techniques to obfuscate the adware executable bundled with the app. The adware was renamed, given a different filetype extension, and given AES encryption. All of this might have been a small annoyance, but BeiTaAd is so aggressive that it effectively rendered the device unusable for enterprise purposes. The combination of CooTek apps and BeiTaAd adware was effective at spreading the ads to a wide audience. In a screen shot used in the research report, one of the apps — TouchPal Keyboard — shows more than 100,000,000 downloads. Together, the infected apps showed more than 440 million downloads, according to Lookout. The research report states that as of May 23, 2019, all affected apps had been either removed from Google Play or updated to versions that do not contain BeiTaAd. Still, Balaam says, "Whoever is responsible for this plug-in, they're aware that it doesn't comply with the Google terms of service." She doesn't point a finger at the company or any individual, but continues, "Someone knew that what they were doing was wrong and they tried not to get caught." Source
  3. Adware, PUPs, and unwanted extensions are being promoted through sites that pretend to be adult video sites. When a visitor tries to play a video, a fake video player popup will be displayed that states you must download and install an updated media player to see the video. This "media player", though, just installs unwanted programs onto your computer or redirects you to unwanted chrome extensions. These fake sites consist of autogenerated pages based on popular celebrity or adult star keywords so that they can get as many pages as possible into search engines. When a user clicks on these links and tries to play the video, they are shown a fake video player like the one below. Fake video player This video player will state that there was an error playing a video and that you need to download a media player to properly watch the video. The full text of this alert is shown below. If a user clicks on the message, they will either download an adware installer or be redirected to another site pushing unwanted chrome extensions. One of the extensions being promoted contains scripts that perform in-browser mining. These adware installers bundle free and legitimate programs in order to bundle their "offers" to those who install the software. For example, in one of the adware bundles I tested, it was pushing the free AIMP media player. Adware Installer Pushing the Free AIMP Program One of the offers show when testing the adware bundle is a "Search Offer" that installs a Chrome Extension on to the computer. Search Offer Another offer was for Avast. Avast Offer As these sites are created only to push unwanted software on a visitor, rather than actually showing a video, they should be avoided. Even more important, if you run into a site that tells you that you need to install a piece of software to properly use it, I would instead find a site that does not require you to install software before using it. As this tactic is all too often used to trick people installing malware onto their computer, it is important to recognize these types of social engineering attacks. Source
  4. GridinSoft Trojan Killer 2.2.3.9 GridinSoft Trojan Killer - advanced program to clean your computer of all malicious threats! If you - a permanent internet user, you should take steps to protect your personal information against cyber-criminals. Trojan Killer can help you in this matter! The program quickly identify (recognize) and immediately remove dangerous malicious Trojans - spyware and adware, malware blocking and restricting the activities of tools, keyloggers, etc. before irreversible painful events will come in the form of stolen accounts, passwords, credit card numbers, personal, corporate and other information. Trojan Killer is designed specifically to disable / remove Malware without the user having to manually edit system files or reestr.Programma also removes the additional system modifications that are ignored by some standard antivirus scanners. Trojan Killer scans ALL the files loaded at boot time, Adware, Spyware, Remote Access Trojans, Internet Worms and other malware. Trojan Killer works in a security system for providing security in computer systems. The program will help you get rid of annoying adware, malware and other rough tools. It is very important to restore control over your computer, and do not let anyone use your data. Additional tools:Reset Home Internet Explorer / Start / Search Page Settings Some Malware programs make changes to the main page of Internet Explorer, Start and Search Page settings, in order to redirect the web browser to different websites. This utility will reset the Home / Start / Search pages to standard Defaults. You can then manually reset your Home Page to your website of choice (or leave it "blank", the default). Restore the HOSTS fileWindows HOSTS file is a text file which stores website addresses. The file can be used to speed up access to websites you visit often - by equating the website name to its address DNS, web browser can find the website more quickly as it does not have to query a DNS-name Server. Some Malware programs add entries to this file, to either deny access to websites (usually security-related Web sites or antivirus company), or re-direct access to websites of their choosing. Reset Windows Update, politicianSome Malware programs attempt to prevent Windows Update, from running, and inhibit access to resetting Windows Update, by blanking out the Windows Update options on the Configure Update. Website: http://www.gridinsoft.com OS: Windows XP / Vista / 7 / 8 Language: Ml Medicine: Patch / Keymaker Size: 46,00 Mb.
  5. By Casey Johnston - Jan 28 2014, 7:00am AUSEST Updates turned some Chrome add-ons maliciousnot all browsers allow that. Customers complain about activity tracking in CRXMouse on Chrome, a particularly invasive add-on. In a recent revelation by OMG Chrome and the developer of the Chrome extension Add to Feedly, it came to light that Chrome extensions are capable of changing service or ownership under a users nose without much notification. In the case of Add to Feedly, a buyout meant thousands of users were suddenly subjected to injected adware and redirected links. Chromes regulations for existing extensions are set to change in June 2014. The changes should prevent extensions from being anything but simple and single-purpose in nature, with a single visible UI surface in Chrome and a single browser action or page action button, like the extensions made by Pinterest or OneTab. This has always been the policy, per a post to the Chromium blog back in December. But going forward, it will be enforced for all new extensions immediately and for all existing extensions retroactively beginning in June. Given how Chromes system of updates, design restrictions, and ownership seemed to have gotten ahead of itself, we decided to take a look at the policies of other browsers to see if their extensions could be subjected to a similar fate. While Chrome isnt the only browser where an Add To Feedly tale could be spun, it seems to be the most likely place for such an outcome. Firefox Mozillas Firefox differs from Chrome in that it has an involved review system for all extensions that go from developers to the front-end store. Reviewers will reject an extension if it violates any of the rules in Firefoxs extension development documents. One of these rules is no surprisesan add-on cant do anything it doesnt disclose to users, and existing add-ons cant change their functionality without notifying the user and getting their permission. Firefox puts add-ons with unexpected features, like advertising that supports the add-on financially, into a separate category. Users have to explicitly opt-in to these features, says Jonathan Nightingale, vice president of Firefox. This means that in these cases, users will see a screen offering them the additional features, says Nightingale. One example is FastestFox, which pops a tab at first install asking the user to enable ad injection from Superfish. It's how developers implement these opt-in screens that could provide for a possible loophole; the addition of advertising might be obscurable by language, and data tracking could be, too (it's permitted under Firefoxs rules, but it must be disclosed in a privacy policy). Still, the review policy and need for opt-in for these more pernicious features both help prevent users from having new functionality sprung on them. Safari Safari has extensive design documents for its extensions but no central clearinghouse for them like other browsers. Apple keeps a gallery of a chosen few extensions that must meet certain regulations, but these represent a small fraction of the extensions available. Data tracking of an extensions users is possible, per the design docs, as is ad manipulation. Unlike Chrome, but like Firefox, the download and installation of Safari extension updates must be manually approved by the user. There are no regulations for disclosing functionality changes or changes of ownership, however. Internet Explorer Microsofts browser absolves itself of responsibility for add-ons on a support page where it states, "While add-ons can make your browsing experience better by giving you access to great Web content, some add-ons can pose security, privacy, or performance risks. Make sure any add-ons you install are from a trusted source." Add on at your own risk. Like Apple, Microsoft maintains an exclusive gallery of vetted add-ons. The company encourages extension makers to get user consent for unexpected add-on functionality, but it doesnt require it or block extensions that dont do it. Markup-based extensions can only be installed from within the browser, and therefore these must have the users explicit consent according to Microsoft. Other than this infrastructure, nothing prevents IE add-ons from doing things like injecting ads or redirecting a browsing experience (remember, this was the former home of the invasive toolbar add-on). IE10 does have an add-on management window, but some add-ons, like the ad-injecting Buzzdcock, have to be removed as if they are full-fledged applications. Uninstalling a particularly invasive IE add-on. Opera The latest versions of Opera are able to use Chromium extensions, but unlike Chrome ones, they get a review process thats similar to Firefoxs. Most importantly in Opera, there are restrictions on the types of scripts an extension can run and how they handle ads. Andreas Bovens, head of developer relations at Opera Software, told Ars in an e-mail that Opera doesnt allow extensions that include ads or tracking in content scripts, so extensions that, for example, inject ads inside webpages the user visits are not allowed. Extensions can, however, have ads in their options pages or in the pop-up that is triggered by their button in the browsers interface. Every extension gets a review, and the review team takes special care to suss out the nature of any obfuscated JavaScript code. If some of the code is obfuscated, reviewers ask the developers for the unobfuscated code to look at as well as a link to the obfuscation tool. That way we can check that the input and output indeed match, Bovens says. When an extensions ownership is transferred or the extension is updated, its subject to the same rigorous review process as an extension thats being submitted for the first time, according to Bovens. An extension that goes from having no ads to injecting ads, as some Chrome extensions do, simply would not pass [Operas] review process, Bovens says. Retiring to the not-so-Wild West? While Chrome extensions may have a better ideology than those of some other browsers, the breadth and depth of functionality that Chrome extensions can have without any kind of review process means that Chrome users trust can get taken for granted. Its similar to the Google Play app store, in that way: pretty much anything can make it to the market, but enough user complaints can get it taken down, as in the case of Add to Feedly and Tweet This Page. Based on policy and practice, users who heavily rely on extensions or have been made wary of them by developers recent transgressions may be safer on browsers like Firefox and Opera, where regulations are a bit stricter and there are people to police them. But there can be downsides to a vetting process, too, mainly in terms of rate-limiting iteration and improvements, so its a matter of weighing options. Former home? This is the current home for an awful lot of crapware add-ons, like Conduit's search hijacker, or the Ask.com toolbar that still hasn't died a thousand deaths, even though it should. http://arstechnica.com/business/2014/01/seeking-higher-ground-after-chrome-extension-adwaremalware-problems
  6. Google has removed two Chrome extensions from its store due to the way they were serving ads to users. The extensions in question, Add to Feedly and Tweet This Page, both started life as useful additions to Google's web browser, but were soon serving users pop-ups and other intrusive ads. The reason for the sudden change in behavior? In Add to Feedly's case, at least, it was purchased from its developer and quickly began serving ads to its 30,000 users. In a blog post, Add to Feedly developer Amit Agarwal describes how he got an email presenting "a four-figure offer for something that had taken an hour to create." As you'd expect, the developer decided to cash in, but a month on realized the new owners of the extension silently updated it to serve ads. "These aren't regular banner ads," says Agarwal, "these are invisible ads that work [in] the background and replace links." The issue was picked up by OMG Chrome and Ars Technica, both of which suspect the issues aren't limited to Add to Feedly and Tweet This Page. The suggestion is that advertisers regularly buy popular extensions and transform them into adware. This appears to be backed up by the developer of the popular Honey extension, who claimed last weekend he too was approached by advertisers about selling the add-on. Shortly after the articles were published, Google took action against the rogue extensions, citing a December change to its policies that outlaws complex changes to websites by extensions, according to The Wall Street Journal. Although the changes aren't due to be enforced until June, Google has clearly taken a harder stance on such flagrant abuse. Agarwal, for his part, admits "it was probably a bad idea" to sell Add to Feedly, and apologizes to users affected by the adware. Source
  7. By Ron Amadeo - Jan 18 2014, 10:10am AUSEST Once in control, they can silently push new ad-filled "updates" to those users. One of the coolest things about Chrome is the silent, automatic updates that always ensure that users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome's extensions, which are updated by the extension owners. This means that it's up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it. To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome's update service, which sends the adware out to every user of that extension. We ought to clarify here that Google isn't explicitly responsible for such unwanted adware, but vendors are exploiting Google's extension system to create a subpar—and possibly dangerous—browsing experience. Ars has contacted Google for comment, but we haven't heard back yet. We'll update this article if we do. A first-hand account of this, which was first spotted by OMGChrome, was given by Amit Agarwal, developer of the "Add to Feedly" extension. One morning, Agarwal got an e-mail offering "4 figures" for the sale of his Chrome extension. The extension was only about an hour's worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account. A month later, the new extension owners released their first (and so far only) update, which injected adware on all webpages and started redirecting links. Chrome's extension auto-update mechanism silently pushed out the update to all 30,000 Add to Feedly users, and the ad revenue likely started rolling in. While Agarwal had no idea what the buyer's intention was when the deal was made, he later learned that he ended up selling his users to the wolves. The buyer was not after the Chrome extension, they were just looking for an easy attack vector in the extension's user base. This isn't a one-time event, either. About a month ago, I had a very simple Chrome extension called "Tweet This Page" suddenly transform into an ad-injecting machine and start hijacking Google searches. A quick search for the Chrome Web Store reveals several other extensions that reviewers say suddenly made a U-turn from useful extension to ad-injector. There is even an extension that purports to stop other extensions from injecting ads. Injected ads are allowed in Chrome extensions, but Google's policy states that which app the ads are coming from must be clearly disclosed to the user, and they cannot interfere with any native ads or the functionality of the website. When malicious apps don't follow Google's disclosure policy, diagnosing something like this is extremely difficult. When Tweet This Page started spewing ads and malware into my browser, the only initial sign was that ads on the Internet had suddenly become much more intrusive, and many auto-played sound. The extension only started injecting ads a few days after it was installed in an attempt to make it more difficult to detect. After a while, Google search became useless, because every link would redirect to some other webpage. My initial thought was to take an inventory of every program I had installed recently—I never suspected an update would bring in malware. I ran a ton of malware/virus scanners, and they all found nothing. I was only clued into the fact that Chrome was the culprit because the same thing started happening on my Chromebook—if I didn't notice that, the next step would have probably been a full wipe of my computer. The difficult part of this for users is that normal removal techniques will not work. Virus scanners are unlikely to flag ad-injecting JavaScript as malicious. Extensions are synced to your Google account, which means that even wiping out a computer and reinstalling the OS will not remove the malware—signing-in to Chrome will just download it again. The only way to be rid of the malware is to find the extension in chrome://extensions and remove it—and to make sure the removal gets propagated to your account and down to all your other devices. Even when you have it narrowed down to Chrome, since nothing detects a malicious Chrome extension, the best course of action is to meticulously check the latest reviews of every extension and hope that someone else has figured out where the ads are coming from. What can users do to protect themselves? It's very hard to keep yourself in the loop with Chrome extension updates. Extensions usually don't have changelogs, and there is currently no way to disable extension auto-updating. One way to stay a least slightly informed of what is going on is to install an extension that will notify you when your other extensions get updated. Other than that, the only other option is to stop using extensions entirely, which is a little extreme. Just keep an eye on the simpler extensions from smaller extension makers—those are the ones at most risk of being gobbled up by a malicious entity. Chrome will require your approval if an extension adds new permissions, but the magic permission that allows ad-injecting is called "access your data on all web pages," which many legitimate extensions already use. A malicious extension buyer could even look for an extension that already uses this permission so that their update will arouse the least suspicion among current users. The reality, though, is that while it's extremely easy for a novice user to install an extension, it's nearly impossible for them to diagnose and remove an extension that has turned sour, and Chrome Sync will make sure that extension hangs around on all their devices for a long time. The author of Add to Feedly stated that his extension had around 30,000 users before it was sold and packed full of ads. Today, despite the flood of unhappy user reviews, the Chrome Web Store shows 31,548 users. Auto-updating from a trusted source is one thing, but when that user trust can be bought and sold—and extension ownership can change hands without the users being informed—something needs to be done. http://arstechnica.com/security/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/?
  8. Jorge Cárdenas

    SourceForge installers

    Please put direct links without sourceforge installers, or at least warn about unwanted optional software. My antivirus software don't allow to run or even download sourceforge installers, and I will not allow to do so. Some software developers offer direct download without sourceforge installers. I don't know if ares is one of them, because i can't find any direct link. Thanx for the excellent work in this wonderful site.
×
×
  • Create New...