Tuesday, December 3, 2024

Software Installer Programs Steal Users' Confidential Information and Install Unwanted Software

File-sharing sites often tell users to install a special "downloader" before they can get the application they came for. These downloaders do more than fetch the file: they also send confidential information about the machine to the operators' command-and-control (C&C) servers.

It is easy to tell that you have fallen victim to an advertising partner program: new applications appear that you never chose to install, pop-up ads open with the browser, and searches are redirected to unrelated landing pages.

Security researchers from Kaspersky published a report on the number of users around the world who were prompted to install such advertising partner programs; most of the attempts (65%) were in Russia.

Advertising Partner Program


An advertising partner program acts as an intermediary between application developers, the vendors who distribute their software, and the site that hosts the download.

When a user wants to download an application from one of these sites, the site first asks them to install its downloader, which then fetches the requested file. The site owner is paid for every partner application the downloader installs on the user's machine, and the advertising partner program in turn earns its money from the advertisers.

File Distribution and Communication

To illustrate the process, the researchers tried to download a game through one of these sites. The download link redirected them to a page controlled by the file-sharing site's administrator, which offered the file in several formats and provided installation instructions.

Once installed, the downloader reports information about the downloaded installer to the C&C server, together with the user's confidential data: the username, PC domain name, MAC address, machine SID, hard drive serial number, and the lists of running processes and installed programs. None of this is collected with the user's consent.

After receiving this information, the C&C server responds with the following fields:

adverts – a list of advertised programs, each with the conditions under which it should be installed
content – the file name and download link for the file the user actually requested
icon – links to the icons to be downloaded later

If an advert's conditions are met, its id is added to the adverts_done list so it is not installed again. The downloader also checks the registry for certain antivirus products installed on the computer.

The URL field contains the download link for the advertised program together with the key (command-line switch) needed to install it silently, without the user's consent. These additional programs are installed alongside the file the user asked for.
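The response handling described above can be turned into a small triage helper for analysts. The example below is added here and is not code from the Kaspersky report or the article: given a captured C&C response with the adverts/content/icon fields the article names, and a host profile (OS version, antivirus products found in the registry, adverts already done), it works out which adverts the loader would install silently. The condition schema inside each advert (skip_if_av, min_os) and the sample response and host profile are constructed assumptions for illustration; the article only names the top-level fields.

```python
"""Triage helper for a captured advertising-partner C&C response.

Added example, not code from the article or the Kaspersky report. The field
names adverts / content / icon / adverts_done come from the article; the
per-advert condition keys (skip_if_av, min_os) and all sample data are
constructed assumptions.
"""
import json

# Constructed sample C&C response, modelled on the field names the article lists.
SAMPLE_RESPONSE = json.dumps({
    "adverts": [
        {"id": 101, "url": "http://example.invalid/a.exe", "key": "/S",
         "conditions": {"skip_if_av": ["Avast", "Kaspersky"], "min_os": 6.1}},
        {"id": 102, "url": "http://example.invalid/b.exe", "key": "/quiet",
         "conditions": {"skip_if_av": [], "min_os": 10.0}},
        {"id": 103, "url": "http://example.invalid/c.exe", "key": "/VERYSILENT",
         "conditions": {"skip_if_av": [], "min_os": 6.1}},
    ],
    "content": {"name": "game_setup.exe", "url": "http://example.invalid/game.exe"},
    "icon": "http://example.invalid/game.ico",
})

# Constructed host profile; in real triage this comes from the sandbox or the host.
SAMPLE_HOST = {
    "os_version": 6.3,        # Windows NT version as a float (6.3 = Windows 8.1)
    "installed_av": [],       # AV product names found under the registry keys the loader checks
    "adverts_done": [103],    # advert ids already installed on an earlier run
}


def parse_response(raw):
    """Parse the JSON body and require the three top-level fields the article names."""
    data = json.loads(raw)
    for field in ("adverts", "content", "icon"):
        if field not in data:
            raise ValueError(f"missing field: {field}")
    return data


def advert_applies(advert, host):
    """Apply the (assumed) per-advert conditions to a host profile."""
    cond = advert.get("conditions", {})
    if advert["id"] in host.get("adverts_done", []):
        return False                      # already installed, skip
    if host["os_version"] < cond.get("min_os", 0):
        return False                      # OS too old for this payload
    if any(av in host["installed_av"] for av in cond.get("skip_if_av", [])):
        return False                      # loader backs off when a listed AV is present
    return True


def silent_installs(raw, host):
    """Return (id, url, key) triples the loader would run without asking the user."""
    data = parse_response(raw)
    return [(a["id"], a["url"], a["key"])
            for a in data["adverts"] if advert_applies(a, host)]


def updated_done_list(raw, host):
    """adverts_done as it would look after this run: old ids plus the ones just installed."""
    new_ids = [advert_id for advert_id, _, _ in silent_installs(raw, host)]
    return sorted(set(host.get("adverts_done", [])) | set(new_ids))


if __name__ == "__main__":
    for advert_id, url, key in silent_installs(SAMPLE_RESPONSE, SAMPLE_HOST):
        print(f"advert {advert_id}: {url} {key}")
    print("adverts_done after run:", updated_done_list(SAMPLE_RESPONSE, SAMPLE_HOST))
```

On the constructed profile only advert 101 fires: 102 requires a newer OS and 103 is already in adverts_done. Changing the host's installed_av to include "Kaspersky" suppresses 101 as well, which is the behaviour the article describes when the loader finds an antivirus key in the registry.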

“By analyzing the loader process, we managed to get some links to various programs that can be installed secretly. In particular, around 5% of the files were legitimate browser installers. About 20% of the files are detected as malicious (Trojan, Trojan-Downloader, etc.),” the researchers said.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.