In a blow to consumer confidence and a strike against trust in publishers, a type of malware is distributing adware to people searching and using the web, allowing attackers to take screenshots of infected machines' desktops and redirect pages in browsers.
Researchers at the security firm Bitdefender found the adware, a “rootkit-based spyware,” that has been running covertly for years. It allows attackers to take screenshots of infected machines' desktops.
The malware, Zacinlo, appears to date back to 2012, but has recently become very active. The majority of the victims are in the U.S., with 90% running Microsoft Windows 10. The adware is driven by browsers such as Chrome, Edge, Firefox, Internet Explorer, Opera and Safari.
Zacinlo’s goal is to serve adware and display advertisements developed by the attackers in the web pages that users visit, and then to get those users to click through to generate ad revenue.
“The line between adware and spyware has become increasingly fuzzy during recent years as modern adware combines aggressive opt-outs with confusing legal and marketing terms as well as extremely sophisticated persistence mechanisms aimed at taking control away from the user,” wrote Bogdan Botezatu, computer security expert at Bitdefender Labs, in a blog post.
The adware’s unique features include the ability to pull advertisements from many platforms, such as Google AdSense; uninstall and delete services based on the instructions it receives; report some information about the environment it runs in; take screenshots of the desktop and send them to the command and control center for analysis; redirect pages in browsers; and update itself automatically.
The researchers also note that new ads are injected very easily when older versions are detected and stopped, so those who invented the adware can quickly replenish the ads for targeting.