A report by Kaspersky Lab, the antivirus and IT security company, shows that a new trojan posing as an ad blocker is infecting Windows PCs. The trojan combines ransomware behaviour with a cryptominer for Monero.
The trojan is called “Adshield Pro” and masquerades as a Windows version of the legitimate Adshield ad blocker for Android. It has infected at least 7,000 PCs since 1 February.
That’s not all, though: the trojan keeps changing its disguise and also masquerades as other legitimate programs, such as Malwarebytes, OpenDNS and the NetShield ad blocker. Victims reach it through search results that lead to sites hosting the malicious installers. According to Avast, the fake Malwarebytes installer targeted more than 100,000 PCs in August 2020. That installer goes by the name MBSetup2.exe and carries the malicious DLLs Qt5help.dll and Qt5WinExtras.dll, whose digital signatures are invalid.
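The invalid signatures on the dropped DLLs are the tell you can check for yourself before running an installer. The PowerShell snippet below is an added example, not code from the article or from Avast or Kaspersky: it walks a folder, reads the Authenticode signature of every .exe and .dll, and flags anything that is unsigned, tampered with, or signed by someone other than the expected publisher. The folder path and the publisher string are assumptions; replace them with the installer you actually downloaded and the vendor it claims to come from.

```powershell
# Added example, not code from the article. Checks Authenticode signatures of
# every .exe/.dll under a folder and reports anything that is not validly signed
# by the expected publisher. $Path and $ExpectedPublisher are assumptions.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\MBSetup2",   # hypothetical extraction folder
    [string]$ExpectedPublisher = 'Malwarebytes'               # assumed substring of the signer's subject
)

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll | ForEach-Object {
    $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    # Status is Valid only when the signature chains to a trusted root and the
    # file hash still matches; NotSigned, HashMismatch and UnknownError all mean "do not run".
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedPublisher*")

    [pscustomobject]@{
        File    = $_.Name
        Status  = $sig.Status
        Signer  = $signer
        SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        Trusted = $trusted
    }
} | Where-Object { -not $_.Trusted } | Format-Table -AutoSize
```

A Status of Valid on its own is not enough: anyone can buy a code-signing certificate, so the check also requires the signer's subject to name the vendor you expect. The SHA256 column is there so you can compare the files against hashes the vendor publishes, or look them up in a file-reputation service, without having to run anything.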
Once the trojan is on your PC, it will lock up your files before harnessing CPU power to mine Monero cryptocurrency.
But wait, IT GETS WORSE
The trojan also attempts to install a backdoor so that the attackers can control your PC remotely. The backdoor is delivered alongside a legitimate copy of the Transmission BitTorrent client; it then rewrites the PC’s DNS settings to point at the attackers’ servers and blocks the installation of anti-malware programs.
The trojan also detects whether it is running in a virtual machine by comparing the actual system file with the Windows licence file. If the two don’t match, the trojan halts its installation, which frustrates analysis by researchers.
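A rewritten resolver is easy to spot if you know which DNS servers your machine is supposed to use. The following PowerShell is an added example, not code from the article: it lists every network interface whose configured DNS servers fall outside an allowlist, which is what a hijack of the kind described above looks like from the victim's side. The allowlist addresses are assumptions taken from the documentation ranges; substitute your own corporate or ISP resolvers.

```powershell
# Added example, not code from the article. Lists every interface whose DNS
# servers are not in an allowlist, so a hijacked resolver like the one the
# article describes stands out. $Allowed is an assumption: replace it with the
# resolvers your network is supposed to use.
$Allowed = @('192.0.2.53', '192.0.2.54', '2001:db8::53')   # hypothetical documentation addresses

$findings = Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $unexpected = @($_.ServerAddresses | Where-Object { $_ -notin $Allowed })
        if ($unexpected.Count -gt 0) {
            [pscustomobject]@{
                InterfaceIndex = $_.InterfaceIndex
                Interface      = $_.InterfaceAlias
                Family         = if ($_.AddressFamily -eq 2) { 'IPv4' } else { 'IPv6' }
                Unexpected     = ($unexpected -join ', ')
            }
        }
    }

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'All configured DNS servers are in the allowlist.'
}

# To put an interface back on DHCP-assigned resolvers (run as Administrator):
#   Set-DnsClientServerAddress -InterfaceIndex <index from the table> -ResetServerAddresses
```

On a domain-joined machine the allowlist should be the domain controllers; on a home PC it is usually whatever your router hands out, so an interface that suddenly has a static, unfamiliar resolver is the thing to investigate. Resetting the servers removes the redirect but not the backdoor that set it, so treat a hit as a sign to run a full clean-up rather than a fix in itself.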
How to avoid such a mishap?
To keep similar trojans and other malware off your machine, install applications only from their official websites. If a program is distributed through a legitimate third-party download site such as FileHippo, step through the installer carefully: it may carry “special offers” that install toolbars or apps you don’t want. Always read the agreement and untick the option for the offer to be installed.
SOURCE: Tom’s Guide; Securelist (Kaspersky)