October 5, 2015
Despite blocking efforts, online advertising is a daily part of our lives. Most of us have got used to the large volume of adverts displayed every day, but authors of malicious code are now pushing the limits much further via the advert-injection techniques used in malware threats.
In this post, we present a case study of one such malware, which we detected via our AVG Identity Protection (IDP) component. Based on our telemetry, this infection is highly active and is currently reaching its peak. The most affected countries are the United States and Germany, followed by Saudi Arabia and the United Arab Emirates.
[Figure: Countries most affected by the spread of this advert-injection campaign (Jun-Sep 2015).]
Behaviour of This Threat
The infection starts when the user installs an application that its authors present as a "Weather Forecast Application". Once installed, however, this application silently downloads and installs other components that are purely malicious: the threat tries to infect all installed browsers and inject additional adverts into the pages they display. It also periodically loads sets of adverts in the background without notifying the user. As a side effect, it sacrifices the security and performance of the infected system for the purpose of making money through ad providers.
[Figure: Injecting adverts into visited pages.]
[Figure: Flood of pop-up windows.]
Details of this threat are described in the following technical analysis.
You can also download the report now.
AVG customers are protected against this threat by the multi-level protection in AVG Internet Security. If you are not protected, you may want to check your systems using the indicators of compromise (IOCs) listed in the technical analysis mentioned above.
October 5, 2015 by Jakub Kroustek