Adware Bundling hits Popular website platforms – Cloned!

Cloned website Pushing Adware

An adware delivery ploy was uncovered recently that involved the distribution of adware programs via clone websites that use legitimate looking domains.  The deceit came to light when a phony website keepass.fr was discovered that replicated the official site keepass.infoKeepass is an open source password manager tool that helps users to manage their passwords for Windows network logon, websites FTP password, email account, online passwords etc in a secure manner.
Cloned website Pushing Adware

InstallCore adware is pushed when apps from this clone website are installed

The clone of Keepass password manager app appears legitimate and is fully functional. However it is infected with the malicious InstallCore adware.
Cloned website Pushing Adware
InstallCore is an adware program that bundles popular legitimate applications along with malicious third party applications. The user is lured to install the application that comes with a popular title without being aware of making the system susceptible to other adware infections. The offers shown in ads may be legitimate but they do not come alone. They are accompanied by other apps that may be malicious. For instance, crypto currency miners, browser hijackers, adware etc may be pushed along with the legitimate apps.
The motive behind this act is solely monetary. Each successful installation of additional adware programs earns a commission fee to the adware bundlers.

Other similar Cloned website Pushing Adware discovered

Keepass.fr is not the only cloned website. It is just a part of much collection of  typo squatted domains.
  • Typosquatting URL’s: It is a form of cyber squatting that relies on mistakes made by internet users like typos when inputting a website address.
For instance: If movies.com is a legitimate site, the typosquatter’s URL could be:
  1. moveis.com – A misspell based on typos
  2. movie.com – Differently phrased domain name
  3. movies.org – A different top level domain etc
Typos made by users will land them on typosquatter’s website tricking them into thinking that they are on the real web page.
Other fake domains registered by this individual/group used famous sites such as:
  1. GParted etc.Cloned website Pushing Adware
  2. Truecrypt
  3. 7Zip
  4. Inkscape
  5. Audacity
  6. Fileilla
  • Different TLD (Top Level domain): TLD is the highest level domain in the hierarchical domain name system of the internet. For instance, in the domain movies.com, top level domain is com.
TLDs mainly used for the registered fake website are .fr and .es. For example, audacity.fr, truecrypt.fr, blender3d.fr, filezilla.fr, thunderbird.es, audacity.es etc
Cloned website Pushing Adware
Read Full News :- Click Hear

Comments

Post a Comment

Popular posts from this blog

How to Remove Search.newtabtvsearch.com or NewTabTV Redirect?

Image
Search.newtabtvsearch.com is a nasty browser hijacker that hijacks your browser to alter its homepage and new tab functionality. Besides that, it displays constant banners, pop-ups and annoying ads to diminish your overall browsing experience. What is Search.newtabtvsearch.com Redirect? Search.newtabtvsearch.com or Newtab-TV Redirect is a browser hijacker presented in the form of suspicious search engine. This search engine has been developed by Imali Media Ltd. and the company claims that the application let the users watch television, news and their favorite shows on their PC. It will replace the page you see when opening a new tab as given in the image below: Upon installation, Search.newtabtvsearch.com will present its search results to the user through http://search.yahoo.com. Browser extensions like Newtab-TV get installed as a result of software bundling along with free software or applications which the user download off the internet. Threat Summary   ...
Read more

How to remove Speedtest-guide.com redirect from your system

Image
Guide to Remove Speedtest-guide.com redirect Speedtest-guide.com redirect is a nasty browser hijacker that changes the default browser settings such as home-page, search engine & new tab functionality. In addition to that, it displays annoying ads & causes infuriating redirects to dubious sites, thus deteriorating the web-browsing experience. This rogue browser redirector claims to be a free tool that can be used to test Internet speed & customize the web search. It also enables the users to keep a track of the previous tests & access speed boosting tips. While Speedtest-guide.com appears to be a useful & legit application, the users have reported of its questionable behavior. Firstly, to operate on a system, it requires modifying the browser settings without user’s permission. It does so to promote a fake search engine - Speedtest-guide.com. It causes unnecessary browser redirects & possesses the capability of tracking down user’s online ...
Read more

Tampermonkey Chrome Extension Blacklisted by the popular Web Browser Opera

Image
Chrome Web Store is facing an uphill battle from the last few years for hosting malevolent add-ons that claim to enhance your web browser capabilities. Tampermonkey, the widely used free browser extension known to manage user scripts & offer valuable features to improve user’s browsing experience has been declared malicious by the infamous Opera web Browser. So if you have installed  Tampermonkey 4.7.54  extension from Chrome web Store in Opera Browser & using it, you will be alerted by the warning: Opera has blacklisted one of your extensions, and we’ve blocked it for your safety. Go to the extensions manager for more details The popular user script manager extension, Tampermonkey has over 10 million users & is available for all the popular browsers including Chrome, Safari, Opera, Firefox & Microsoft Edge. The distinctive attributes offered by the extension include: Clear Overview over the running scripts. ZIP- based import & export A built-in e...
Read more