A typical campaign attempting to trick users into installing Potentially Unwanted Software (PUA), would usually consist of a single social engineering vector, which on the majority of cases would represent something in the lines of a catchy “Play Now/Missing Video Plugin” type of advertisement. Not the one we’ll discuss in this blog post. Relying on deceptive “visual social engineering” practices, a popular French torrent portal is knowingly — the actual directory structure explicitly says /fakeplayer — enticing users into installing the BubbleDock/Downware/DownloadWare PUA. What kind of social engineering tactics is the portal relying on? Let’s find out.
Posts Tagged: privacy
Whenever a user gets socially engineered, they unknowingly undermine the confidentiality and integrity of their system, as well as any proactive protection they have in place, in exchange for quick gratification or whatever it is they are seeking. This is exactly how unethical companies entice unsuspecting victims to download their new “unheard of” applications. They promise users the moon, and only ask in return that users install a basic free application. Case in point, our sensors picked up yet another deceptive ad campaign that entices users into installing privacy violating applications, most commonly known as PUAs or Potentially Unwanted Applications.
We’ve just intercepted yet another rogue ad campaign, attempting to trick users into installing the EzDownloaderpro PUA (Potentially Unwanted Application). Primarily relying on catchy “Play Now, Download Now” banners, the visual social engineering tactic of this campaign is similar to other PUA related campaigns we’ve previously profiled. Let’s take a look at this new rogue ad campaign, and provide relevant threat intelligence on the infrastructure behind it.
Potentially Unwanted Applications (PUAs) continue to visually social engineer users into installing virtually useless applications. They monetize each and every install by relying on ‘bundling’ which often comes in the form of a privacy-violating toolbar or third-party application. We recently intercepted a rogue ad that entices users into downloading the Mipony Download Accelerator that is bundled with the privacy-invading FunMoods toolbar PUA, an unnecessary bargain with the integrity and confidentiality of your PC.
Our sensors continue picking up deceptive advertisements that expose gullible and socially engineered users to privacy-invading applications and toolbars, most commonly known as Potentially Unwanted Applications (PUAs). The latest detected campaign utilizes multiple legitimately looking banners in an attempt to trick users into thinking that their media player needs to be updated. Once users install the bogus ‘Media Player Update’, they introduce third-party privacy-invading software onto their PCs and directly contribute to the revenue flow of the cybercriminals behind the campaign. More details:
Cybercriminals have recently launched a privacy-violating campaign spreading across Facebook in an attempt to trick Facebook’s users into installing a rogue Chrome extension. Once installed, it will have access to all the data on all web sites, as well as access to your tabs and browsing history. More details:
By Mike Kronenberg Attention Facebook and Twitter users: You’re still at risk. Last year, our survey found that lots of people using social networking sites were taking the risk of financial loss, identity theft, and malware infection. Have things gotten any better? Well, the answer is yes but, unfortunately, not better enough — and potentially a lot worse for some of you. The results of our 2010 survey reveals that more of you are adhering to some safe behaviors — like blocking profiles from being visible through public search engines. That’s a good thing, but the downside is over 25 […]
A phishing campaign that started around the beginning of the year, targeting gamers who use Valve Software’s Steam network, continues unabated but with a twist: The phishers have registered dozens of domain names, such as trial-steam.tk or steamcommunity###.tk (where the ### can be a two or three digit number), which are used to host the phishing pages. The pages appear to be a “Steam Community” login page which looks identical to Valve’s Steam Community Web site. There are a few ways you can quickly identify whether you’re on the right page, or a fake. For one, the real Steam Community […]