Examining adware, invasive ads that are everywhere – Security

From July 2018 to July 2019, Kaspersky’s cloud recorded 22 malware infection attempts per second in Brazil. The figure rises to 45 attacks per second when the 20 countries of Latin America are considered. About 600 million people live in the region, most of them connected to the internet at least by cell phone. Among the main threats are cracks for 64-bit Windows (piracy) and adware (invasive advertising).

Brazil leads the list of countries with the highest number of attempted attacks of the type, followed by Mexico – 7th and 11th respectively in the global ranking of 20 countries that suffer the most attempts at infection, whether on the computer or smartphones.

Fabio Assolini / Kaspersky / Disclosure

Speaking only of cell phones, Latin American users were the target of 6 mobile malware attack attempts per minute in the same period. Again, as the countries with the most connected inhabitants in the region, Brazil (6th in the global ranking) and Mexico (9th) lead the list.

A problem with your computer and phone

It is noteworthy that, on both smartphones and computers, the top 10 infection attempts are led by adware. On cell phones alone, almost half of the most popular mobile malware is of this type. It is a common headache for many owners of Android smartphones and tablets, which account for 81% of the sample of anonymous data from Kaspersky Security Network users (the KSN, the company’s cloud).

Top 10 Threats in Latin America (PC)

#   Threat                            Type
1   UFO: Blocked.Adware               Adware
2   RiskTool.Win64.ProcPatcher.a      Cracks (piracy)
3   NetTool.Win64.RPCHook.a           Cracks (piracy)
4   DangerousObject.Multi.Generic     Generic Threat
5   Trojan.Script.Generic             Malicious Script
6   RiskTool.Win32.ProcPatcher.aat    Cracks (piracy)
7   AdWare.Script.Pusher.gen          Adware
8   UFO: Blocked                      Malicious URL
9   AdWare.Script.SearchExt.gen       Adware
10  Trojan.Script.Miner.gen           Cryptocurrency Miner

Adware is easily detectable and has a great impact on the user experience, showing too many ads, sometimes in full screen. In the view of Fabio Assolini, a senior analyst at the Russian security company, this is a result of the freeware application industry.

Top 10 Mobile Threats in Latin America

#   Threat                            Type
1   UFO: Blocked.Adware               Adware (KSN)
2   DangerousObject.Multi.Generic     KSN lock
3   AdWare.AndroidOS.Agent.f          Adware
4   AdWare.AndroidOS.HiddenAd.et      Adware
5   AdWare.AndroidOS.Ewind.h          Adware
6   UFO: Blocked                      Malicious URL
7   Trojan.AndroidOS.Hiddapp.cr       Malicious App
8   AdWare.AndroidOS.Dnotua.yze       Adware
9   Trojan.AndroidOS.Hiddapp.ch       Malicious App
10  Trojan.AndroidOS.Hiddad.em        Malicious App

The expert points out that there are several ways to monetize a free app and obtain a financial return, and the developer is the one who decides how much money he wants to earn from it.

“There are SDKs [development kits] that you take ready-made and put right into the application. These ad networks share the earnings with the developer. Which is fair. But some SDKs are very aggressive, hijack the search in the browser, change the home page, redirect navigation and display advertising full screen,” he says.

What does antivirus understand as adware?

According to Kaspersky, the security system uses a checklist to decide whether a new application installed on the smartphone is adware or not. Among the items evaluated are: 1) is the uninstallation user-friendly?; 2) does the application collect personal data and browsing habits without authorization to target ads?; 3) does the application offer a clear user interface?; 4) does the installation occur in a hidden way, by command line, or does the user consciously activate it?; among other factors. The more items on the list the application matches, the closer it is to adware.


Fight in court

Another particularity of adware is that it is a type of malware that comes with a sharp legal department. Objecting to the decision by security software to block the download of their applications and games identified as malware, developers even go so far as to sue the antivirus companies that limit them.

“If the developer corrects the flagged points, the company removes the detection, there is no problem. But there are developers who sue. It happened more than once [at Kaspersky]. Proactive blocking is a posture to protect the user, even if it means a lawsuit. In many cases, we won and proved that it was problematic,” he says.

Shades of adware

Not every adware classification is obvious. Some cases sit in a gray area where some experts and users will agree that there are abuses, but there is controversy.

There are two common ways to end up with adware: some of it hitches a ride on the installation of other programs and applications (especially free ones, which operate in a collaboration system and receive pay-per-install commissions), and the rest arrives via hidden installation.

In addition to constant monitoring (the company blocks suspicious applications based on a list of problematic SDKs), Kaspersky says it maintains partnerships with developers to keep those that comply on the whitelist.

Before facing antivirus, however, apps also need to get past Google Play Protect to reach the store. “It’s an eternal cat and mouse fight,” he adds.

Nothing new in the sea of phishing

In the same period, the company blocked 92 million accesses to fake websites originating from phishing messages. Brazil remains the absolute world leader in the total number of phishing threats and has also seen a 33% growth with respect to the previous period. In 2018, 6 countries in the region were on the global list, today there are 9. Venezuela, Chile, Ecuador, Guatemala, Panama, Honduras, Mexico and Argentina are also included.

Kaspersky also revealed which outdated software causes the most problems for users because of security flaws: Java leads the list, followed by WinRAR and 7-Zip (which have no automatic update) and the late Adobe Flash.

Many companies, in particular, keep Java out of date because some programs used in-house, such as accounting and management software, stop working with the latest versions. Another problem pointed out in the report is that Java does not remove the old version after the update, leaving the machine vulnerable.
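To check a machine for the leftover Java versions described above, the following added example (not from the article or from Kaspersky) scans a directory tree for Java installations and lists every one older than the newest. It assumes each installation carries a `release` file with a `JAVA_VERSION` line; the function names and the sample directory tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

def parse_java_version(text):
    """Return a comparable tuple from a release file's JAVA_VERSION line, or None."""
    m = re.search(r'^JAVA_VERSION="([^"]+)"', text, re.MULTILINE)
    if not m:
        return None
    parts = [int(p) for p in re.findall(r"\d+", m.group(1))]
    # Legacy scheme: "1.8.0_211" is Java 8, so drop the leading 1.
    if len(parts) > 1 and parts[0] == 1:
        parts = parts[1:]
    return tuple(parts)

def find_stale_runtimes(root):
    """Return (newest, stale): each item is (version_tuple, java_home_path)."""
    found = []
    for release in Path(root).rglob("release"):
        if not release.is_file():
            continue
        version = parse_java_version(release.read_text(errors="replace"))
        if version is not None:  # unrelated files named "release" are skipped
            found.append((version, release.parent))
    if not found:
        return None, []
    found.sort(key=lambda item: (item[0], item[1].name))
    newest = found[-1]
    # Everything older than the newest build is a candidate for removal or review.
    stale = [item for item in found if item[0] < newest[0]]
    return newest, stale

def build_sample_tree(root):
    """Constructed sample: Java homes as successive updates might leave them."""
    for name, ver in [("jre1.8.0_191", "1.8.0_191"),
                      ("jre1.8.0_211", "1.8.0_211"),
                      ("jdk-11.0.4", "11.0.4")]:
        home = Path(root) / name
        home.mkdir(parents=True)
        (home / "release").write_text(f'JAVA_VERSION="{ver}"\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        newest, stale = find_stale_runtimes(tmp)
        print("newest:", newest[1].name)
        for version, home in stale:
            print("stale, review or remove:", home.name, version)
```

Point `find_stale_runtimes` at the directory where Java is installed on the machine being audited; an old version that a legacy program still depends on will show up in the stale list and needs a decision rather than silent retention.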

* The data is from Kaspersky’s 2019 “Panorama of Cyber Threats in Latin America”.

** The journalist traveled to Argentina at the invitation of the company.
