Posted on June 20, 2018 at 9:29 AM
Researchers from various security companies have been noting a significant increase in malware activity recently, and one of the most popular uses of malware is adware. One malware family that was found to be popular recently is called Zacinlo, and it is nothing less than a specialist in advertising fraud.
Adware’s use and misuse
It is not that surprising that adware misuse continues to rise, considering that it represents easy money for online criminals. All they need to do is install the malicious software in advertisements, and watch it do its work, while their funds increase.
According to Bitdefender, a type of malware by the name of Zacinlo has recently resurfaced, and it is quite a specialist when it comes to ad fraud. Zacinlo seems to be a very capable piece of malicious software, and it has been found on several platforms so far, including Google AdSense.
Adware is mostly used to increase software developers’ earnings through the apps that they supply to their consumers. However, one of the unspoken rules about its use states that there can be no financial strings attached. With that in mind, the use of adware has been a very popular and beneficial strategy. Basically, advertisers would take care of the product’s cost, and all they want in exchange is the customers’ data that the adware would collect.
Bitdefender’s white paper states that adware has seen a lot of improvements in the last several years, and is now much more capable of collecting data. It is also, unfortunately, quite hard to remove. Because of this, it is often quite difficult to determine when and where a piece of software stops being adware and starts working as full-grown spyware.
Modern adware is known for combining several aspects as part of its behavior. Those include very aggressive opt-outs, as well as persistence mechanisms that have the potential to take control of the users’ device without their consent. Confusing marketing and legal terms are also a part of the equation, and they do not exactly work in the users’ favor.
Zacinlo is back, and stronger than ever
As for Zacinlo, it is spyware that has been known to researchers ever since the beginning of 2012. It works by infecting the PC of its target, and then its strategy includes two possible paths. It will either try to open invisible browser instances, which it will use for loading ads and simulating user clicks, or it might choose to change any ad that might load naturally within the user’s browser. If it chooses to go for the second option, it will replace the regular ads with those that the attacker can benefit from.
One curious thing regarding this malware is that it has a rootkit driver, which basically works as a method of protection. It is capable of protecting itself, as well as all of the components that it believes are a part of it. It is very rare, even by today’s standards, and it is also extremely hard to successfully remove from a device. Most of the time, it is contained in less than 1% of the detected threats, which makes Zacinlo one of the most persistent threats currently out there.
Bitdefender’s senior e-threat analyst, Bogdan Botezatu, has stated that threats of this kind show that crime actually does pay, at least when it comes in the form of misused adware. According to him, misusing ads for profit is not a new thing, but Zacinlo is a type of threat that is taking this issue to a completely different level. It is complex and long-lasting, and researchers have managed to determine that its use has already made a large amount of money for the hackers behind it.
As for the method of detection, Botezatu has stated that the best thing users can do is to run a full security sweep of their devices from time to time.