Adware Downloads MEVADE/SEFNIT Malware with Links to Tor User Spike
July 07, 2014
InstallBrain changes all that. It’s an adware—specifically an ad-supported browser plugin bundled with third-party apps—that’s been installed in millions of computers in around 150 countries. Normally, we’d consider adware non-malicious, but the case of InstallBrain is different. Instead of just aggressively pushing ads to your computer, it pushes malware. Given its large user base, this is a serious concern.
Our researchers uncovered evidence that InstallBrain downloads MEVADE (also known as SEFNIT), a malware family responsible for turning computers into bots used for click fraud and bitcoin-mining operations.
In 2013, a vast network of InstallBrain-infected computers was abused to push MEVADE/SEFNIT to users. In August of the same year, MEVADE/SEFNIT caused a huge spike in the number of Tor users. Tor is a software that allows anyone to hide their online activity. From 1 million, Tor’s userbase blew up to 5 million. This caused notable stability problems for the Tor network.
Up to September 2013, the number of Tor users continued to increase in countries like the United States, Russia, and the Ukraine. Our researchers found widespread MEVADE/SEFNIT cases in more than 68 countries, including sparsely populated ones. Within this period, the adware InstallBrain had already gone full-on rogue and was being used to push malware.
This case proves that adware should not be taken lightly. Businesses, security vendors, and users like yourself should take this into consideration. Given what’s happened, a change in mindset is required.
As a user, you can no longer be complacent about downloading free software. For enterprises who provide software as products and services, they should make it a point to be transparent with their customer base. They need to explicitly state what their software does on their customers’ machines. And given how easy it is to abuse adware, the security industry should make it their responsibility to keep adware companies in check.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report