Adware Downloads MEVADE/SEFNIT Malware with Links to Tor User Spike
July 07, 2014
  
    
            
            
View research paper: On the Actors Behind MEVADE/SEFNIT
InstallBrain changes all that. It is adware, specifically an ad-supported browser plugin bundled with third-party apps, that has been installed on millions of computers in around 150 countries. Normally, we'd consider adware non-malicious, but the case of InstallBrain is different. Instead of just aggressively pushing ads to your computer, it pushes malware. Given its large user base, this is a serious concern.
Our researchers uncovered evidence that InstallBrain downloads MEVADE (also known as SEFNIT), a malware family responsible for turning computers into bots used for click fraud and bitcoin-mining operations.
In 2013, a vast network of InstallBrain-infected computers was abused to push MEVADE/SEFNIT to users. In August of the same year, MEVADE/SEFNIT caused a huge spike in the number of Tor users. Tor is software that allows anyone to hide their online activity. From 1 million, Tor's user base blew up to 5 million. This caused notable stability problems for the Tor network.
Up to September 2013, the number of Tor users continued to increase in countries like the United States, Russia, and Ukraine. Our researchers found widespread MEVADE/SEFNIT cases in more than 68 countries, including sparsely populated ones. Within this period, the adware InstallBrain had already gone fully rogue and was being used to push malware.
This case proves that adware should not be taken lightly. Businesses, security vendors, and users like yourself should take this into consideration. Given what’s happened, a change in mindset is required.
As a user, you can no longer be complacent about downloading free software. Enterprises that provide software as products and services should make it a point to be transparent with their customer base. They need to explicitly state what their software does on their customers' machines. And given how easy it is to abuse adware, the security industry should make it its responsibility to keep adware companies in check.