A typical campaign attempting to trick users into installing Potentially Unwanted Software (PUA), would usually consist of a single social engineering vector, which on the majority of cases would represent something in the lines of a catchy “Play Now/Missing Video Plugin” type of advertisement. Not the one we’ll discuss in this blog post. Relying on deceptive “visual social engineering” practices, a popular French torrent portal is knowingly — the actual directory structure explicitly says /fakeplayer — enticing users into installing the BubbleDock/Downware/DownloadWare PUA. What kind of social engineering tactics is the portal relying on? Let’s find out.
Posts Tagged: PUA
Whenever a user gets socially engineered, they unknowingly undermine the confidentiality and integrity of their system, as well as any proactive protection they have in place, in exchange for quick gratification or whatever it is they are seeking. This is exactly how unethical companies entice unsuspecting victims to download their new “unheard of” applications. They promise users the moon, and only ask in return that users install a basic free application. Case in point, our sensors picked up yet another deceptive ad campaign that entices users into installing privacy violating applications, most commonly known as PUAs or Potentially Unwanted Applications.
We’ve just intercepted yet another rogue ad campaign, attempting to trick users into installing the EzDownloaderpro PUA (Potentially Unwanted Application). Primarily relying on catchy “Play Now, Download Now” banners, the visual social engineering tactic of this campaign is similar to other PUA related campaigns we’ve previously profiled. Let’s take a look at this new rogue ad campaign, and provide relevant threat intelligence on the infrastructure behind it.
Potentially Unwanted Applications (PUAs) continue to visually social engineer users into installing virtually useless applications. They monetize each and every install by relying on ‘bundling’ which often comes in the form of a privacy-violating toolbar or third-party application. We recently intercepted a rogue ad that entices users into downloading the Mipony Download Accelerator that is bundled with the privacy-invading FunMoods toolbar PUA, an unnecessary bargain with the integrity and confidentiality of your PC.
We’ve all seen it; maybe it’s on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you’ve never heard of, there’s a new, annoying toolbar in your browser. Maybe you’re getting popup ads or have a rogue security product claiming you’re infected and asking you to buy the program to remove the infection. Even worse, you don’t know how it got there! Welcome to the world of Potentially Unwanted Applications (PUAs.) Chances are that these programs were inadvertently installed while installing software from sites that use […]
By Adam McNeil PUA’s (Potentially Unwanted Applications) are often nuisance applications which serve little purpose other than using your computer as a gateway for online advertisements or as a catalyst to deliver annoying applications that may pester you to the point where you want to throw your computer out a window. Anti-Malware companies usually have pretty weak detection of these types of programs and have generally failed to protect their customers’ computers from this sort of bloatware. As a result, countless users have to suffer through agonizing pains of pop-up windows, webpage redirects, search redirects, and sometimes even bluescreens just […]
Remember the Win32/Somoto.BetterInstaller Potentially Unwanted Application (PUA)? We’ve just intercepted the latest rogue ad-campaign launched by a participant in their affiliate network, potentially exposing socially engineered users to privacy-invading risks without their knowledge. More details:
Our sensors continue picking up deceptive advertisements that expose gullible and socially engineered users to privacy-invading applications and toolbars, most commonly known as Potentially Unwanted Applications (PUAs). The latest detected campaign utilizes multiple legitimately looking banners in an attempt to trick users into thinking that their media player needs to be updated. Once users install the bogus ‘Media Player Update’, they introduce third-party privacy-invading software onto their PCs and directly contribute to the revenue flow of the cybercriminals behind the campaign. More details:
German Web users, watch what you install on your PCs! Our sensors just picked up yet another rogue/deceptive ad campaign enticing visitors to install the bogus PC performance enhancing software known as ‘PCPerformer’, which in reality is a Potentially Unwanted Application (PUA), that tricks users into installing (the Delta Toolbar in particular) on their PCs. More details:
By Dancho Danchev Looking for legitimate online gambling services? You may want to skip the rogue online casinos that I’ll highlight in this post. Over the past few days, we intercepted multiple spam campaigns launched by the same party, enticing users into downloading fake online casinos most commonly known as the Win32/PrimeCasino/Win32/Casonline PUA (Potentially Unwanted Application). More details: