ByteFence tries to get rid of its negative reputation

ByteFence ditches its shady distribution method and stops changing browser settings

If you follow the latest security news or are always looking for high-end protection for your computer, you may have heard about ByteFence. However, you have most likely read hundreds of negative reviews and questions asking whether this anti-malware can be trusted.

Indeed, a couple of years ago, this security program grabbed the cyber community’s attention. Many people reported sudden system scans that ended with threatening malware reports. No one remembered installing ByteFence or asking it to check the system.

Research showed that the developers of the program used software bundling, which allowed it to get into the system unnoticed during the installation of freeware and shareware. Soon after the silent installation, it started scanning the system and scaring users with the results.

Those who decided to check what this program is, why it offers its cleaning services, and how to uninstall it were surprised once more. When they opened their web browsers, they found an unknown homepage – Search.ByteFence.com.

But it seems that the developers of the security program decided to stop these aggressive marketing activities. According to the recent analysis, ByteFence is no longer actively promoted in freeware and shareware bundles. It also does not ask to change the homepage or default search engine.

Security program no longer gives false positives in order to make people pay for the license

On the official download website, the program is advertised as:

Ultimate protection against Malware, Spyware and Crapware, for Free

This security software has a free version that can identify crapware and malware infections. However, in order to remove cyber threats, you will need to obtain a license. The developers used to spread a free version that displayed false positives on computers. In this way, people were threatened into buying the license in order to clean their machines.

According to the latest research data, the free version does not deliver false positives anymore. Moreover, after downloading the program, you can enjoy the perks of the paid version for two weeks. That is enough time to check whether it is worth spending almost $30 on a 12-month license key.

We downloaded ByteFence and gave this tool one more chance to prove to us that the developers have finally learned from their past mistakes. After a quick and successful installation, the program started scanning the system.

Although it was supposed to take only “a few minutes,” we waited for the scan results for almost half an hour. No, our computer is not cluttered! The good news is that the computer’s performance did not diminish significantly during the system scan.

After the scan, the program warned about detected infections. We were quite surprised, but it managed to find two potentially unwanted applications. However, the fact that they were marked as “critical risks” and called “malware” tells us that the developers still want to threaten users at least a little.

However, we let ByteFence clean these threats and kept it on the PC for more than two weeks in order to check whether the program would start any aggressive activities. We only received a few notifications to upgrade to the paid version: no annoying pop-ups every single hour, no sudden system scans that end up with detected hazardous viruses.

Reputation improved, but it’s still not the best security software

We are happy that Byte Technologies learned from its mistakes and started working on ByteFence’s reputation. There’s no doubt that it takes time to change users’ and security specialists’ opinions. Meanwhile, it is also important to work on the functionality of the program.

The free version works only as a scanner, but ByteFence Pro offers more features:

  • real-time protection from crapware and malware;
  • quarantine infected files;
  • malware removal;
  • scheduled system scans;
  • file whitelisting;
  • online protection for the browser;
  • proxy settings.

However, compared to other security programs, this one does not show the best results. It takes quite a long time to scan the system. Additionally, it may fail to protect machines from ransomware, zero-day malware, rootkits or bootkits. The software does not offer anti-phishing, anti-fraud, anti-theft, webcam or USB protection either.

Indeed, there’s plenty of room for improvement. However, we expect to see more positive changes. Maybe we will soon have another great security tool on the market.

Antivirus detects idp.alexa.51 malware: what should you do about it?

Idp.alexa.51 – malware detected by popular antivirus programs

During the past couple of years, computer users were chatting on various forums about a strange malware detection. Idp.alexa.51 was a hot topic and a major problem for the popular AV engines AVG, Avira, and Avast. These security programs displayed a false positive and warned about a non-existent cyber threat.

The Idp.alexa.51 file is a part of online games and applications, such as “EasySpeedUpManager2,” “Plants vs. Zombies,” and “SeaMonkey.” However, after the installation of these apps, antivirus programs displayed a threatening alert saying that the computer is infected.

Problems were also reported during the installation of HitmanPro – a secondary anti-virus scanner and malware removal tool. One of the files that belongs to the software, HitmanPro.exe, was also identified as Idp.alexa.51 malware.

The issue has been widely reported by Windows 8.1 and Windows 10 users since 2016. It was nothing more than a bug that displayed false positives. Although security vendors fixed the problem and offered updates, reports about the same problem keep emerging in 2018. However, specialists warn that such virus detections should not be overlooked.

Idp.alexa.51 might be malicious

When a security program displays an alert about a detected cyber threat, you should not ignore it. Indeed, in some cases, it might malfunction and display fake threats. However, if you have noticed your computer acting oddly, you should take the security warning into consideration.

Some security specialists report that the idp.alexa.51 file might be associated with malware. Some Trojan horses use this misleading name to infiltrate machines and perform harmful activities in the background. This cyber threat is sometimes also called the Alexa virus.

Therefore, if you think there is a chance that your computer has been infected, you should update your security program or obtain a new one in order to inspect the file and the whole system.

Identify malware on your computer

How can you know if idp.alexa.51 is actually malicious? Obviously, you cannot rely on your antivirus program alone. Unfortunately, even the best tools tend to fail. However, infected computers are not hard to recognize. Computer infections can often be recognized from the following symptoms:

  • Unresponsive programs,
  • Installation of unknown applications, tools, browser extensions or add-ons,
  • Sluggish computer’s performance,
  • Various Windows errors popping up on the screen,
  • Random programs are opening without your permission,
  • An increased amount of ads,
  • Encrypted, corrupted or deleted files.

If you notice at least a few of these symptoms, you should not ignore a virus detection. We highly recommend updating your AVG, Avira, Avast or other security program and running a full system scan with it. However, if this doesn’t help, you might consider obtaining a new professional malware removal tool to fix the computer properly.

Things to consider before using Wikibuy

Wikibuy is an extension which offers cheaper alternatives to your purchases

If you are looking for a shopping assistant, Wikibuy may have caught your eye. This Google Chrome browser add-on is quite a popular tool that helps to save money when shopping online.

Wikibuy is a comparison service which searches the internet for a better deal for you. For example, if you are looking for a sofa on Amazon, the pop-up shows you a better deal somewhere else. Additionally, Wikibuy searches for coupons and offers that the original retailer might provide online and presents them to you to apply.

The developers of this shopping assistant also thought of other useful features, such as Wikibuy Checkouts, which allows purchasing in different e-shops without having to log in to their accounts, fill in forms or let retailers know your personal information.

Moreover, users are offered an order tracking feature, a money-back guarantee and loyalty rewards. None of these features are unique. However, this basic functionality allows trusting the developers and trying their free application.

The service is free, and the developers generate revenue whenever a customer chooses an item suggested via the Wikibuy extension. Therefore, you will not find this extension causing intrusive ads or redirects. However, users report that this extension is not as good as promised.

Downside of Wikibuy: doing your research might help to save more money

Wikibuy developers claim to have over 1 million happy customers. However, the reviews and comments online reveal that not all users are very pleased with this Chrome extension. Among negative opinions are:

  • the add-on does not tell where you can get the same goods for the lowest price;
  • longer shipping time compared to buying directly from specific e-shops;
  • data tracking and sharing that might put user’s privacy at risk.

According to some users, the developers of the add-on are not genuine. This shopping assistant does not provide the lowest price on the market. Some reports say that doing your own research helps to save more money than relying on Wikibuy.

The latter situation seems to be related to the developers’ participation in affiliate marketing programs. It means that they get revenue if Wikibuy users buy a specific “low-priced” product. This activity makes the developers look untrustworthy.

Another serious problem with Wikibuy is that it keeps a whole bunch of personal and non-personal information. According to the Privacy Policy, the following information is tracked and recorded:

  • User-provided information;
  • Cookies and automatically collected information;
  • Location information;
  • Third-party web beacons and third party buttons;
  • Information from other sources;
  • Payment information;
  • Transaction data.

What is more, aggregated details might be shared with affiliates. As a result, you might start noticing a bunch of ads based on your recently searched items or purchased products. However, interest-based ads might be not only annoying but in some cases dangerous too; for instance, they might redirect to phishing or infected websites.

Things to remember if you decide to install and try Wikibuy

Just like many other programs and browser add-ons, Wikibuy has its pros and cons too. If you are a user who takes his or her privacy seriously, probably you won’t consider installing it to your browser and testing it out.

Otherwise, you might just give this free extension a try. However, if you decide to use it, we want to remind you to be careful. First of all, make sure that you are installing the safe and legitimate Wikibuy extension. For this reason, you have to install it from the official website, Chrome app store or iTunes.

Note that this extension is not compatible with Safari, Mozilla Firefox or the Android operating system. Thus, if you find offers to download such versions of Wikibuy, you might be targeted by cyber criminals.

Additionally, be careful with the ads that you notice online. Do not rush to click them. Offers that seem “too good to be true” are typically not real and are designed only to get your click. Additionally, if you decide not to shop through Wikibuy, make sure that you are not on a phishing website.

Finally, when shopping online, you should always do your research before entering your personal information and paying for the goods. All free shopping assistants might have the same problem – their financial wealth might depend on affiliates. Hence, they might not be very honest with you.

Chrome Search browser hijacker and its versions keep actively spreading in cyberspace

Chromesearch.win virus is nothing more than an impersonator of Google Chrome

Chromesearch.win operates as a fraudulent search directory which is remarkably similar to Google Chrome. In other terms, it aims to imitate this famous search engine to trick users into believing its legitimacy. While there are numerous claims about how this unreliable program respects your privacy, research shows the opposite — it collects private details related to your browsing sessions on purpose.

We want to warn you not to fall into the trap of an attractive description, because the authors of Chrome Search explicitly point out that this is a privacy-respecting program. However, if you attentively check the Privacy Policy, its developers state that they save the personal information you provide them regardless of whether it happened at their request or not. Likewise, you have no guarantees that your private details will not be sold to third parties or misused in other ways.

Note that any of the browser hijacker versions mentioned below, and those not yet identified, perform similar or identical activities which might put your privacy and computer security at risk. Therefore, you should remove ChromeSearch.win right away and not believe the fraudulent claims about its usefulness.

The activity of Chrome Search and its versions

It is essential to mention that the Chromesearch.win virus is currently on the rise. Experts have successfully identified Clean My Chrome, Cleanserp.net, and Chromesearch.today as the offspring of the parent program. Additionally, ChromeSearch.club is the newest variant, which reached cyberspace at the beginning of December. This rapid development indicates that users should not expect this browser hijacker to stop taking over their browsers.

Furthermore, once the browser hijacker enters the system, it takes over such popular browsers as Google Chrome, Mozilla Firefox, Internet Explorer, Safari, etc. In other words, every time you open a new tab/window or click on your homepage, you are redirected to hxxp://chromesearch.win/.

You should not let these browser modifications slip through, since after the ChromeSearch hijack happens, its developers gain full access to collect various information which might be misused to deliver annoying and intrusive ads. They look genuine and attractive, so people are lured into clicking on one after another.

Also, be aware that ChromeSearch redirect is another potentially dangerous action since it might lead you to highly suspicious websites which increase the risk of getting infected with malware. Thus, avoid clicking on any types of advertisements that appear among the query results displayed by this fake search engine.

We highly recommend that you complete ChromeSearch.win removal as soon as you notice its presence. Note that the easiest way is to employ professional security software to help you with different and more sophisticated variants of this potentially unwanted program. Do not hesitate and clean your computer from browser hijackers!

Learn how this PUP stealthily enters your system

While you can manually install the Chrome Search extension from the Chrome Web Store, you can also unknowingly let it onto your computer. Developers of such browser hijackers aim to take advantage of people who are in a rush and infuse the PUP into the installers of free applications.

Likewise, if the user opts to finish the download/installation procedure as soon as possible, he or she picks Quick/Recommended settings, which do not show the hidden PUP inside. Thus, we recommend that you pay more attention to this process and choose Advanced/Custom options. It is vital to deselect the pre-selected checkboxes that allow the potentially unwanted program to be installed.

Additionally, you should scan your computer afterward and make sure that the security software will perform Chromesearch.win removal if necessary. This way you will fully protect not only your privacy but computer security as well.

 

Developers of Zeus Panda virus present a new distribution strategy

Zeus Panda virus used SEO to attack users

Security researchers warn about a new and clever Zeus Panda virus distribution campaign. The developers of the malicious program used Search Engine Optimization (SEO) to poison specific financial and banking-related keywords. In order to succeed, the crooks first compromised business websites to rank high in Google search results.

The Zeus virus has been known since 2017. However, for almost a decade, new variants of the malicious program have been emerging and trying to steal personal information about users. The Zeus Panda, or Panda Banker, virus was detected in 2016. However, researchers from Cisco’s Talos reported a new distribution campaign at the beginning of November.

According to the report, the criminals used a combination of SEO, compromised legitimate websites and malicious Word macro commands to install data-stealing malware on victims’ computers. Security researchers say that the malware targeted users of these banks:

  • Nordea Sweden,
  • the State Bank of India,
  • India’s Bank of Baroda and Axis Bank,
  • the Commonwealth Bank of Australia,
  • Saudi Arabia’s Al Rajhi Bank.

Previously, the Panda trojan targeted Australian and British banks. However, the interesting fact is that the malware uses geo-filtering. Once it gets inside the device, it checks the computer’s language settings. The virus does not launch its activities if the default language is Russian, Ukrainian, Belarusian or Kazakh.

Criminals’ sophisticated and well-prepared attack

First of all, the attackers compromised legitimate business websites in order to rank higher in Google search. Then the attackers poisoned specific keywords that were supposed to redirect to corrupted sites. According to the research, the criminals managed to show their malicious results several times on the Google results page when users entered these keywords:

  • “nordea sweden bank account number”
  • “how many digits in karur vysya bank account number”
  • “free online books for bank clerk exam”
  • “al rajhi bank working hours during ramadan”
  • “how to cancel a cheque commonwealth bank”
  • “salary slip format in excel with formula free download”
  • “bank of baroda account balance check”
  • “axis bank mobile banking download link”
  • “bank guarantee format mt760”
  • “sbi bank recurring deposit form”

The compromised websites included malicious JavaScript code that initiated redirects until a macro-enabled document was installed on the system. Once opened, the document asks the user to enable macros to view the content. Indeed, clicking the “Enable Content” button leads to the installation of the Zeus Panda virus.

Developers of Panda Trojan used traditional malware distribution methods before

Since the appearance of the Zeus Panda malware, its authors tried several distribution methods until they came up with the idea of relying on SEO. They spread the trojan via malicious spam emails and three exploit kits – Angler, Nuclear, and Neutrino.

However, the malspam campaigns also included a Word document that downloaded the malware executable onto the system. Other campaigns exploited the CVE-2014-1761 and CVE-2012-0158 vulnerabilities to attack media and manufacturing corporations.

Bad Rabbit ransomware: tips to avoid the latest version of Petya

New variant of Petya emerged – Bad Rabbit ransomware virus

On the 24th of October, a new version of the Petya ransomware was reported to be attacking Russian and Ukrainian organizations. Petya is known for attacking Ukrainian companies and the public sector. However, this time the recently discovered Bad Rabbit ransomware hit Russia harder.

According to the latest information, the Bad Rabbit virus attacked Kiev Metro and Odessa International Airport. Even though there’s still not a lot of information about the damage caused to the systems of these infrastructures, the attack is a warning sign to all organizations and companies to make sure that their systems and networks are protected.

Additionally, reminding employees of security tips is also recommended. The current version of the Petya virus spreads as a fake Adobe Flash update. Thus, inexperienced users can be easily tricked into downloading a malicious file and causing serious problems for the whole computer network.

However, security researchers did not take long to find a vaccine that prevents the ransomware infiltration. Still, following basic security tips is also recommended.

Bad Rabbit malware masquerades as Flash update

Drive-by downloads are one of the distribution methods used for spreading the Bad Rabbit ransomware virus. The fake Flash update is injected into compromised websites. If users end up on a malicious site, they receive a pop-up asking to install the latest update. Once they hit the “Install” button, the malicious executable is dropped to the Win32/Filecoder.D folder. Then the install_flash_player.exe file is executed, and the malware starts the data encryption procedure.

However, the malware might also exploit a vulnerability in Windows Server Message Block (SMB). At first, it was thought that the malware uses the EternalBlue vulnerability. However, the latest analysis data says that this is not true. The malware just scans the internal network and looks for open SMB shares. If it finds any, it might affect the whole network.

Protecting computers and networks from ransomware

Bad Rabbit ransomware might cause extreme damage to your company or paralyze important city infrastructures, such as public transportation. However, home computer users should be aware of security tips too.

After the infiltration, the malware immediately locks files with a combination of RSA-2048 and AES-128-CBC encryption ciphers and makes them impossible to open due to the .encrypted file extension. In order to recover files, victims are asked to pay 0.05 Bitcoin. However, the size of the ransom might increase.

Security researchers discovered a vaccine that helps to protect devices from the latest version of the Petya ransomware:

  1. Create infpub.dat and cscc.dat files in the c:\windows directory by running cmd.exe as an administrator and entering these commands:
    echo "" > c:\windows\cscc.dat && echo "" > c:\windows\infpub.dat
  2. Right-click on each of the newly created files and select Properties.
  3. Access the Security tab in the Properties window that appears.
  4. Click the Advanced option.
  5. In the newly appeared window, click the “Change Permissions…” button.
  6. Uncheck the “Include inheritable permissions from this object’s parents” box (Windows 10 users have to choose the “Disable inheritance” button and then select “Remove all inherited permissions from this object”).
  7. You will receive a Windows Security pop-up. Click the Remove button.
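
The same steps can be scripted for use on many machines. The following is an added example, not part of the original article: it creates the two files named above and removes their inherited permissions with icacls. The function name and the 16-byte placeholder threshold are assumptions made for this example.

```powershell
# Added example (not from the original article): steps 1-7 as a script.
# Run from an elevated PowerShell session. The function name and the
# size threshold are assumptions made for this example.

$VaccineFiles   = @('C:\Windows\infpub.dat', 'C:\Windows\cscc.dat')
$MaxPlaceholder = 16   # bytes; assumed upper bound for a placeholder file

function Set-VaccineFile {
    param([Parameter(Mandatory)][string]$Path)

    if (Test-Path -LiteralPath $Path) {
        # Never overwrite: a larger file with this name was not created by
        # the vaccine steps and should be examined instead.
        $size = (Get-Item -LiteralPath $Path -Force).Length
        if ($size -gt $MaxPlaceholder) {
            Write-Warning "$Path already exists ($size bytes); left untouched, investigate it."
            return [pscustomobject]@{
                Path                = $Path
                Status              = 'Skipped'
                InheritanceDisabled = $null
                AccessEntries       = $null
            }
        }
    }
    else {
        # Step 1: create the empty placeholder file.
        New-Item -ItemType File -Path $Path | Out-Null
    }

    # Steps 2-7: disable inheritance and remove all inherited permission entries.
    & icacls.exe $Path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "icacls failed for $Path (exit code $LASTEXITCODE)"
    }

    # Verify: inheritance must be off and no access entries may remain.
    $acl     = Get-Acl -LiteralPath $Path
    $entries = @($acl.Access).Count
    $locked  = $acl.AreAccessRulesProtected -and ($entries -eq 0)

    [pscustomobject]@{
        Path                = $Path
        Status              = if ($locked) { 'Protected' } else { 'CheckManually' }
        InheritanceDisabled = $acl.AreAccessRulesProtected
        AccessEntries       = $entries
    }
}

# Refuse to run without administrator rights: C:\Windows is not writable otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) PowerShell session.'
}

$VaccineFiles | ForEach-Object { Set-VaccineFile -Path $_ } | Format-Table -AutoSize
```

A row with the status Skipped means a file with that name was already present and larger than a placeholder, so it should be inspected before anything else is done.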

Additionally, security experts do not recommend paying the ransom and advise taking precautions in order to avoid losing important data:

  • Enable automatic Adobe Flash Player updates. In this way, you or your employees will not be tricked into installing a bogus update from the pop-up window.
  • Patch the Windows SMB protocol. Also, make sure that your operating system has all necessary security fixes. Install them as soon as they are offered by Microsoft.
  • Install available software updates. Enabling automatic software updates helps to avoid misleading alerts. However, if you prefer monitoring updates yourself, you should be careful and not forget to install them regularly.
  • Do not open suspicious email attachments. Ransomware-type viruses often spread via malicious spam emails that include an infected attachment. Before opening any safe-looking attached files, please check the information about the sender and the issue described to make sure that it’s actually safe to open.
  • Back up data and update the backups regularly. Having extra copies of the most important files reduces the damage in case of a ransomware attack.
  • Strengthen your computer’s protection by installing a reputable antivirus.

Cybercrime trends Fall 2017: what cyber threats can you meet online?

Be aware of ransomware: your files are still in danger

Recently, Europol announced that ransomware is the most powerful cyber threat of all. Thus, this autumn users should be prepared for data-encrypting virus attacks. One of these threats is a new version of Locky, and we are not talking about the Lukitus and Ykcol variants.

In October 2017, researchers discovered Asasin – a new example of Locky that spreads via corrupted email attachments. If it finds the way into the computer, there’s no way to get back your files.

The BTCWare family also continues to grow. At the beginning of October, the BTCWare PayDay ransomware version was noticed spreading and asking to pay the ransom. Thus, it’s time to back up your data to avoid possible damage.

Facebook scammers lure victims with a free iPhone X

Virtual life on the biggest social network is not simple and calm. The new wave of the Facebook virus spreads a scam aimed at Apple fans and those who are in desperate need to get the latest iPhone model for free.

Numerous fake pages were created on Facebook and Instagram to attract users to participate in an iPhone giveaway. Undoubtedly, no one is going to give away free Apple phones. The purpose of this scam is to collect a bunch of sensitive information about users. In order to participate in such a contest, people are asked to verify their Facebook accounts and enter their full name or contact details.

Scam posts might also redirect to suspicious pages and show numerous ads. Therefore, naive users can pass through malicious websites until they end up on a phishing site. Thus, this autumn you should not forget that too-good-to-be-true offers are always created by criminals.

Malvertising attacks become bigger and more sophisticated

It seems that malvertising became a new sweet spot for cyber criminals. This autumn crooks launched two massive campaigns to spread malware-laden ads. At the beginning of October, the legit Taboola advertising platform was hacked.

Malicious Taboola ads were noticed on the msn.com website. They redirected to a tech support scam website that warned about a “harmful virus” and asked users to call a toll-free phone number to reach Microsoft technicians. Indeed, there’s nothing unique about this scam example.

Later, the KovCoreG group showed that they are capable of hacking other legitimate ad services. This hacker team aimed at one of the most popular and most visited websites – Pornhub. However, this time the criminals used a sophisticated attack which targeted users by their location and the browser they used.

People from the US, Canada, the UK and Australia who visited this porn site using Chrome or Firefox were asked to install a critical update. Meanwhile, Microsoft Edge and Internet Explorer users were tricked by a fake Adobe Flash Player update. In this way, the cyber criminals tricked millions of users into installing the Kovter click-fraud adware. Thus, being careful with ads this fall is more than important.

Ominous update: Locky now encrypts data as Ykcol virus

Locky remains a major issue in cyberspace

Perhaps Locky developers ran out of crafty ideas as they ceased making up intriguing names for their malware. After Diablo6 and Lukitus versions were released, the crooks launched a supposedly new version with a brand new name – Ykcol – which is Locky backward.

Any new features?

The latest version does not manifest any exceptional prowess. Besides the alteration of the name, the source code does not seem to have changed drastically. Nonetheless, there are slight amendments in the distribution campaign.

The menace continues relying on the Necurs botnet which delivers thousands of spam emails worldwide. Since the introduction of Diablo6 and Lukitus extensions, a change in the employed folder type was spotted as well.

Earlier versions of the ransomware tended to hide in a .rar folder, but the latest editions, including Ykcol, are placed in a .7z folder. It contains a VBS script which activates the execution of the file-encrypting threat.

Locky developers retained the habit of disguising the malware in invoice emails. Previous editions were delivered along with a brief message: “Files attached. Thanks”. Ykcol tends to fish for gullible users with “Could you please let me know the status of the attached invoice? I appreciate your help!” messages. An alternative sample of the menace tries to persuade potential victims to launch the virus by disguising itself under the name of the Herbalife Nutrition company, a nutrition and weight management company located in the US.

From invoices to fake verification emails

While attention is concentrated on the Ykcol ransomware, the Lukitus and Diablo6 crypto-viruses should not be ignored either. Recent analysis reveals that the racketeers disguise the malware as fake Dropbox account verification emails.

In addition, company employees should be especially vigilant about Locky. Versions have been detected which include counterfeit scanned .png images. They are presented as scanned printer images.

The problem is that Locky targets company servers. Consequently, it can easily foist such a message on users. Unsuspecting users, thinking that the email was sent by a colleague, might open the corrupted version only to find Ykcol or Lukitus encrypting their files afterward.

However, though the developers of this menace seem to use conservative techniques, Locky still remains undecryptable.

As for prevention, attentiveness and cyber security are the key factors in warding off Locky:

  • install system updates once they are published
  • update security tools
  • use a couple of different type anti-malware apps
  • double-check the sender of a received suspicious email

Cerber and Locky viruses strike again

Hacking in summer time – Locky and Cerber developers start another distribution campaign

Cerber or Locky – ever-evolving and ever-lasting cyber issues

In case you started wondering whether, by any chance, the notorious two ransomware giants got finally terminated, we are sorry to disappoint you. It seems that the developers of these two threats have wisely spent the summer time: improved viruses target netizens again. What’s new and what should you beware of?

Cerber now sniffs for personal data

Corresponding to its original name – the mythical creature Cerber – the developers decided to add data-stealing features. Now the latest version of the virus, which is distributed as CRBR Encryptor, is able to capture browser passwords and bitcoin wallet-related information.
Besides looking for Chrome, Internet Explorer, Firefox and other browser passcodes, the infection also attempts to steal Bitcoin Core wallet, Multibit and Electrum wallet information.

IT specialists suspect that the source code enabling the mentioned function might belong to another project. Though this new update certainly makes the malware even more menacing, data-stealing ransomware is not a novelty. Last year some CryptXXX variants were spotted engaging in data-stealing activity as well.

Locky strikes again in a new disguise

While the title of “Locky ransomware” had been regularly flickering in the media headlines last year, its authors have not abandoned this project. In fact, the time periods between each version imply that the crooks have been working on new, more destructive techniques. Consequently, this summer they decided to drop the habit of naming their virus versions after Egyptian and Scandinavian deities and return to European mythology.

IT specialists have caught its new version – Diablo6 ransomware – spreading via a new malicious spam campaign. However, observing the tendency, Locky developers have not mastered any extraordinary new technique. As in previous cases, they test targeted users’ curiosity. The compromised email might be sent from an unknown sender with a brief message: “Files attached. Thanks”.

Opening the E [date] (random_number).docx file will execute a VBS downloader script, which then downloads the main payload of the virus. During the encryption process, the malware will append a ridiculously long [first_8_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[4_hexadecimal_chars]-[12_hexadecimal_chars].diablo6 file extension. The current version is relatively modest: it only asks for .49 bitcoin, amounting to $1.600.
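For incident triage, the extension pattern described above can be matched in a file listing to see which folders were hit. The following is an added example, not code from the original article; the function names and sample paths are constructed, and it assumes the hexadecimal characters may appear in either case.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Pattern from the article: 8-4-4-4-12 hexadecimal groups, then ".diablo6".
# The first three groups (16 characters) come from the ID.
# Assumption: hex digits may be upper or lower case.
DIABLO6_RE = re.compile(
    r"(?P<id1>[0-9a-f]{8})-(?P<id2>[0-9a-f]{4})-(?P<id3>[0-9a-f]{4})"
    r"-(?P<tail1>[0-9a-f]{4})-(?P<tail2>[0-9a-f]{12})\.diablo6$",
    re.IGNORECASE,
)

def parse_diablo6_name(path):
    """Return the 16-hex-character ID embedded in a matching name, else None."""
    # PureWindowsPath accepts both "\" and "/" separators and never touches disk.
    m = DIABLO6_RE.search(PureWindowsPath(path).name)
    if m is None:
        return None
    return (m["id1"] + m["id2"] + m["id3"]).upper()

def triage(paths):
    """Group matching files as {id: Counter(parent_folder -> file count)}."""
    hits = {}
    for p in paths:
        file_id = parse_diablo6_name(p)
        if file_id is not None:
            folder = PureWindowsPath(p).parent.as_posix()
            hits.setdefault(file_id, Counter())[folder] += 1
    return hits

# Constructed sample listing (not real indicators).
SAMPLE = [
    r"C:\Users\alice\Documents\A1B2C3D4-E5F6-0718-9ABC-0123456789AB.diablo6",
    r"C:\Users\alice\Documents\A1B2C3D4-E5F6-0718-1D2E-BA9876543210.diablo6",
    r"C:\Users\alice\Pictures\a1b2c3d4-e5f6-0718-00ff-0f1e2d3c4b5a.diablo6",
    r"C:\Users\alice\Documents\report.docx",
    # Last group has only 10 characters, so this must not match.
    r"C:\Users\alice\Documents\A1B2C3D4-E5F6-0718-9ABC-0123456789.diablo6",
]

if __name__ == "__main__":
    for file_id, folders in triage(SAMPLE).items():
        print(file_id, dict(folders))
```

Feeding it a recursive listing from a file server shows how far the encryption reached, and the count of distinct IDs shows whether a single infection touched a share.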

Unfortunately, neither of the ransomware threats is decryptable at the moment. While cyber security specialists continue working on countermeasures, the virtual community should arm itself with awareness and knowledge. Unlike Cerber, which indeed keeps evolving at an alarming rate, Locky developers seem to rely on the same spam campaigns. If you manage to bridle your curiosity and treat incoming spam emails with caution, you will lower the risk of encountering file-encrypting threats.

AdsKeeper and Stack Player continue bombarding web browsers with ads

Researchers noticed an increased activity of adware programs

Recently, cyber security experts noticed increased activity in AdsKeeper and Stack Player distribution. These two ad-supported programs have been well known for a while. They have already made browsing the web complicated for hundreds of thousands of computer users.

These programs are known for:

  • being capable of entering the system in software bundles;
  • altering browser’s settings;
  • using “virtual layer” to display third-party ads;
  • delivering an excessive amount of ads;
  • delivering misleading and malicious ads;
  • redirecting to high-risk websites;
  • tracking information about users.

All these negative features disturb browsing the web and make the system vulnerable. For this reason, infected computers become easily accessible to other cyber threats and malware.

We want to point out that you should be careful when installing freeware or shareware. These two adware programs spread widely with PDF converters, video players, and other free programs. Thus, in order to avoid them, you should:

  • choose reliable sources for software installation;
  • use Advanced/Custom installation settings;
  • avoid rushing to click the “Next” button;
  • unmark all third-party entries offered to download together with the primary program.

The major issues caused by AdsKeeper adware

Although AdsKeeper is a legitimate advertising program, it might pose a danger to computer users. Some of the ads delivered by this ad-supported application might redirect to potentially dangerous websites.

The problems begin when the adware enters the system silently. It might alter the targeted browser’s settings in order to display third-party commercial content on various sites. The PUP might deliver ads even on well-known sites. Thus, you can easily be tricked into believing that an offer is reliable and safe to click.

However, research has shown that some of the AdsKeeper ads have nothing in common with safety and credibility. Cybercriminals and scammers often take advantage of this advertising platform in order to spread malicious ads.

With one click, you might end up on a tech support scam or phishing website. Crooks might trick you into installing bogus software or revealing personal information. Thus, this adware might be responsible for helping criminals reach innocent computer users.

It doesn’t matter that it’s not an intended purpose of the adware program. You should take care of your privacy and computer by performing AdsKeeper removal.

The main characteristics of Stack Player virus

Stack Player is advertised as a useful video streaming tool that allows browsing through a huge library of video content and watching it straight from the desktop. Indeed, this free application might seem interesting to those who spend hours watching videos.

However, it’s hard to talk about this program’s functionality because it’s impossible to keep it on the computer for long. After the installation, it instantly starts tracking information about users and delivers suspicious ads on each visited website.

One of the main problems is that Stack Player ads redirect to high-risk websites or promote bogus antivirus, PC optimization software or suspicious browser extensions. Misleading security alerts and offers to install crucial updates might hide malware as well.

Thus, we want to remind you that you should stay away from this program and be careful when installing freeware or shareware. This program might also enter the system in a bundle. However, if you already made a mistake and allowed this program to settle on your PC, we recommend following Stack Player removal instructions and getting rid of the adware immediately.