Weather Forecast for Today? Advert Flood Coming from East

October 5, 2015

Advert-injection techniques have been heavily used by malware authors in recent months. In this in-depth analysis, we look at one such recent malicious program and reveal its authors.

Jakub Kroustek
Malware analyst and reverse engineer

Despite blocking efforts, online advertising is a daily part of our lives. Most of us have got used to the large volume of adverts displayed every day, but authors of malicious code are now trying to push the limits much further via advert-injection techniques built into malware threats.

Spreading

In this post, we present a case study of one such malware that we detected via our AVG Identity Protection (IDP) component. Based on our telemetry, this infection is highly active and is approaching its peak. The most affected countries are the United States and Germany, followed by Saudi Arabia and the United Arab Emirates.

Countries most affected by spreading of this adverts-injection campaign (Jun-Sep 2015).

Behaviour of This Threat

The infection starts when the user installs an application that its authors present as a “Weather Forecast Application”. Once installed, however, this application silently downloads and installs other components that are purely malicious: the threat tries to infect all installed browsers and inject additional adverts into browser pages. It also periodically loads sets of adverts in the background without notifying the user. As a side-effect, it sacrifices the security and performance of infected systems for the purpose of making money via ad providers.

Injecting adverts in visited pages.
Flood of pop-up windows.

Detailed Analysis

Details about this threat are described in the following technical analysis.

You can also download the report now.

Stay Safe

AVG customers are protected against this threat via our multi-level protection in AVG Internet Security. If you’re not protected, you might want to check your systems using the indicators of compromise (IOC) listed in the aforementioned technical analysis.
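The check suggested above, hashing files on a system and comparing them against a list of known-bad SHA-256 values, is shown below as an added example. This is not AVG's code and not part of the technical analysis; the "bad" file content and its hash are constructed placeholders, because the real IOCs are only in the linked report and would be substituted for the `IOC_SHA256` set when running this for real.

```python
"""Minimal IOC sweep: hash every file under a directory and report those whose
SHA-256 appears in a set of indicators. Added example; hash values are placeholders."""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed stand-in for a dropped component. Its hash is a placeholder,
# NOT an IOC from the AVG technical analysis (those are only in the linked report).
CONSTRUCTED_BAD_SAMPLE = b"constructed stand-in for an advert-injecting browser component\n"
IOC_SHA256 = {hashlib.sha256(CONSTRUCTED_BAD_SAMPLE).hexdigest()}


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_hashes(observed: dict, iocs: set) -> list:
    """Return the paths whose hash is in the IOC set, sorted for stable output.
    Hashes are lower-cased so IOC lists pasted from reports in either case match."""
    return sorted(p for p, h in observed.items() if h.lower() in iocs)


def sweep(root: Path, iocs: set) -> list:
    """Hash every regular file under root and report those matching an IOC.
    Unreadable files are skipped rather than aborting the sweep, which matters
    when scanning browser profile directories that may be locked by a running browser."""
    observed = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                observed[str(p)] = sha256_file(p)
            except OSError:
                continue
    return match_hashes(observed, iocs)


def demo() -> int:
    """Build a throwaway directory with one benign file and one constructed 'bad' file,
    sweep it, print any hits and return the number of matches."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "readme.txt").write_bytes(b"benign content\n")
        ext = root / "browser_profile" / "extensions"   # constructed layout, not a real path
        ext.mkdir(parents=True)
        (ext / "weather_helper.dll").write_bytes(CONSTRUCTED_BAD_SAMPLE)
        hits = sweep(root, IOC_SHA256)
        for path in hits:
            print(f"IOC match: {path}")
        return len(hits)


if __name__ == "__main__":
    demo()
```

Point `sweep()` at browser profile and program directories with the report's hash list in `IOC_SHA256`; hash matching is a point-in-time check, so a clean sweep does not rule out a component that was updated after the report was written.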
