Adware Downloads MEVADE/SEFNIT Malware with Links to Tor User Spike
July 07, 2014
View research paper: On the Actors Behind MEVADE/SEFNITGetting bombarded with ads can be annoying. But it’s the price you have to pay for using free apps. For the longest time, the free app arena has worked this way: developers give away their apps for no charge, and in return, they make profit by tying-up with ad networks who use their apps to push ads. A lot of people, including you, might have gotten used to this setup already. What’s the harm in seeing a few ads when you get to enjoy playing free games, editing photos, or chatting with friends, right?
InstallBrain changes all that. It’s an adware—specifically an ad-supported browser plugin bundled with third-party apps—that’s been installed in millions of computers in around 150 countries. Normally, we’d consider adware non-malicious, but the case of InstallBrain is different. Instead of just aggressively pushing ads to your computer, it pushes malware. Given its large user base, this is a serious concern.
Our researchers uncovered evidence that InstallBrain downloads MEVADE (also known as SEFNIT), a malware family responsible for turning computers into bots used for click fraud and bitcoin-mining operations.
In 2013, a vast network of InstallBrain-infected computers was abused to push MEVADE/SEFNIT to users. In August of the same year, MEVADE/SEFNIT caused a huge spike in the number of Tor users. Tor is a software that allows anyone to hide their online activity. From 1 million, Tor’s userbase blew up to 5 million. This caused notable stability problems for the Tor network.
Up to September 2013, the number of Tor users continued to increase in countries like the United States, Russia, and the Ukraine. Our researchers found widespread MEVADE/SEFNIT cases in more than 68 countries, including sparsely populated ones. Within this period, the adware InstallBrain had already gone full-on rogue and was being used to push malware.
This case proves that adware should not be taken lightly. Businesses, security vendors, and users like yourself should take this into consideration. Given what’s happened, a change in mindset is required.
As a user, you can no longer be complacent about downloading free software. For enterprises who provide software as products and services, they should make it a point to be transparent with their customer base. They need to explicitly state what their software does on their customers’ machines. And given how easy it is to abuse adware, the security industry should make it their responsibility to keep adware companies in check.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
Posted in Cybercrime & Digital Threats, Research, Cybercrime, Adware, MEVADE
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases