Go to listing page

Several PuP families evolve to add push notifications to their arsenal

Several PuP families evolve to add push notifications to their arsenal
  • PUP.Optional.Stream.All and Trojan.FBSpammer are distributed as browser extension plugins.
  • Users must thoroughly review the extensions before installing them on their browser.

Researchers have detected new potentially unwanted program (PUP) families that use notification services to conduct fraud. Tracked as PUP.Optional.Stream.All and Trojan.FBSpammer, the new PUPs are distributed to victims’ systems as browser extensions or plugins.

About PUP.Optional.Stream.All

According to the researchers from Malwarebytes Labs, the PUP.Optional.Stream.All is a search hijacker. It redirects users to Yahoo! Search results when they are searching using the address bar.

The malicious extension can be installed on a victim’s system through websites that come in in three different versions:

  • Version 1: It is a basic design guideline on how to install the Chrome extension;
  • Version 2: It shows a circle which indicates the installation process of the extension. Once the installation is complete, the circle become complete blue.
  • Version 3: It looks ‘bit more’ fancy and urges the user to not miss out of the extension. It comes in a few slightly different color schemes.

The three websites posted above all lead to StreamAll, the same Chrome extension that I have used as an example for this family. In fact, they all redirect to this extension in Chrome’s web store at some point,” said Malwarebytes Lab’s Pieter Arntz.

What next?

Once the extension is installed, the screen on the victim’s machine shows a ‘Thank You’ page. However, it has already begun pushing promotional deals in the background.

About Trojan.FBSpammer

Trojan.FBSpammer is another PUP family that is distributed as a Firefox extension. This extension can be found at sites that convince users into downloading an updated version of Flash player software.

“They also ask for permission to send you notifications and—just like StreamAll—they use a provider that is blocked by Malwarebytes for fraud. But in this case, annoying push notifications are the least of users’ worries,” added Arntz.

Apart from pushing notification, it also checks if the user is connected to Facebook.

The bottom line

Users must thoroughly review the extensions before installing them on their browser. These extensions can take advantage of unaware users and steal their personal details.

Cyware Publisher

Publisher

Cyware