Whenever a user gets socially engineered, they unknowingly undermine the confidentiality and integrity of their system, as well as any proactive protection they have in place, in exchange for quick gratification or whatever it is they are seeking. This is exactly how unethical companies entice unsuspecting victims to download their new “unheard of” applications. They promise users the moon, and only ask in return that users install a basic free application. Case in point, our sensors picked up yet another deceptive ad campaign that entices users into installing privacy violating applications, most commonly known as PUAs or Potentially Unwanted Applications.
Sample screenshots of the landing page:
Landing URL: spyalertapp.com
Detection rate for the SpyAlertApp PUA: MD5: 183cf05e8846a18dab9850ce696c3bf3 – detected by 4 out of 47 antivirus scanners as Win32/ExFriendAlert.B; SearchDonkey (fs)
Once executed, it phones back to 220.127.116.11 and 18.104.22.168
The following PUA domains are also known to have responded to the same IPs:
The following PUA MD5s are known to have phoned back to these IPs:
Want to known who’s tracking your online activities? We advise you to give Mozilla’s Lightbeam, a try.
Webroot SecureAnywhere users are proactively protected from these PUAs.