SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
29 Mar 2017

Adware rewrites phone details for legitimate security software on Google search

A new adware family changes the contact details of legitimate security companies in search results to promote tech support scams.

Dubbed Crusader, the adware is often installed as part of nuisanceware and free software bundles, downloading itself as a free browser extension for Chrome, a Firefox add-on, or an Internet Explorer Browser Helper Object.

When executed, the malware requests permission to read and change the information on websites you visit, and should the user grant it, their entire internet traffic is at risk of exploit or manipulation. As described by Catalin Cimpanu, Crusader pulls instructions from a configuration file that is downloaded after a user is infected and again at PC boot-up. The file has been discovered on a server based in India, whose operator can instruct the malware to show popup adverts, insert banner ads on top of websites, replace existing banners, and redirect users to specific URLs.

Should a user input specific keywords into a search engine, for example, "Quickbook support," Crusader will display pop-ups or adverts leading to fraudulent or malicious domains dictated by the operator. An example extract of the configuration file directs Crusader to open a new window to amazingdeals.online every time the user attempts to access the legitimate UK Amazon domain.

One of the most interesting aspects of Crusader, however, is the range of settings which prompt Crusader to spy on and replace the contact numbers for a number of security product developers and technology firms.

Should a victim type "Dell support number" or "Norton support number," then these keywords are picked up and the phone numbers are replaced with details leading to call centers where operators will pretend to be from these companies -- potentially leading to the 'representatives' persuading victims to hand over account and bank details, or even install additional malware on their system.

There is no limit to how many redirects and rewrites Crusader can perform in this way. "This is both a self-defense mechanism and a marketing tool," an expert says. "We presume more options could be added to target other antivirus vendors." Crusader appears to still be in the testing and development stage, as the malware's code contains multiple references to "demo," as well as placeholder settings.

If you often download free software that comes in a bundle, you need to be aware that nuisanceware and adware may be part of the deal. In order to support free software, developers will often strike deals with third-party software providers to create downloadable bundles, but you should always check what it is you are agreeing to -- and uninstall or refuse to download any extension or software add-on which looks suspicious.
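As an added example (not part of the original article, and not derived from Crusader's code), the following Python script audits installed extension manifests for the all-sites access that the "read and change the information on websites you visit" prompt grants. It assumes Chrome's on-disk layout `Extensions/<id>/<version>/manifest.json`; the function names and sample manifests are constructed for illustration.

```python
import json
from pathlib import Path

# Match patterns that give an extension access to every site; browsers
# summarise them as permission to read and change data on all websites.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
HOST_FIELDS = ("permissions", "optional_permissions",
               "host_permissions", "optional_host_permissions")

def broad_host_access(manifest):
    """Return 'field: pattern' for every all-sites grant in a manifest dict."""
    findings = []
    for field in HOST_FIELDS:  # MV2 mixes hosts into "permissions"; MV3 splits them out
        for item in manifest.get(field, []):
            if isinstance(item, str) and item in BROAD_PATTERNS:
                findings.append(f"{field}: {item}")
    for i, script in enumerate(manifest.get("content_scripts", [])):
        for pattern in script.get("matches", []):
            if pattern in BROAD_PATTERNS:
                findings.append(f"content_scripts[{i}].matches: {pattern}")
    return findings

def audit_extensions(ext_root):
    """Scan <ext_root>/<id>/<version>/manifest.json (assumed Chrome layout)."""
    report = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than crash
        if not isinstance(manifest, dict):
            continue
        findings = broad_host_access(manifest)
        if findings:  # key the report by the extension id directory
            report[path.parent.parent.name] = (manifest.get("name", "?"), findings)
    return report

# Constructed sample manifests (not taken from Crusader or any real extension).
SAMPLE_BUNDLED = {"manifest_version": 2, "name": "Free Deals Helper",
                  "permissions": ["tabs", "<all_urls>"],
                  "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]}
SAMPLE_SCOPED = {"manifest_version": 3, "name": "Example Notes",
                 "permissions": ["storage"],
                 "host_permissions": ["https://notes.example.com/*"]}

if __name__ == "__main__":
    for sample in (SAMPLE_BUNDLED, SAMPLE_SCOPED):
        print(sample["name"], "->", broad_host_access(sample) or "no all-sites access")
```

A finding is a prompt for review, not a verdict: many legitimate extensions also request all-sites access, so the output is most useful for spotting extensions the user does not remember installing.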

Tags: information leaks, Google, fraud

Source: ZDNet