ESET: Information-stealing "adware" lurking in the browser. What is adware? How to prevent adware infection

 This article is a re-edited version of "What is adware that hides in browsers and does evil?" published in the "Malware Information Bureau" provided by Canon Marketing Japan.

 The "Ad" in adware comes from advertising. As the name suggests, adware is software designed to generate income by displaying advertisements. Adware is often installed along with free software. The advertisements are mostly displayed so that freeware producers can earn affiliate income or encourage users to purchase paid versions. For freeware, this can be regarded as necessary for the business to succeed. In recent years, some smartphone apps display ads in the free version and remove them if you switch to the paid version, and these are also considered adware in a broad sense. However, adware is generally defined as something that causes the following symptoms:

・The first page displayed when the browser is opened has changed

 This symptom is caused by adware known as a browser hijacker. Once infected, the first page displayed when the browser is opened is rewritten, and changing the browser settings does not improve the situation. "Hao123", "Babylon Search" and "Delta Search" are well known. The displayed page is often a screen with a search engine function, so if you don't care about search accuracy, you can use it as it is. However, the risk of leaking information such as search history and input data is high, and it cannot be said to be safe. It is a very troublesome kind of adware because it is difficult to uninstall completely.

Your browser is hijacked and a strange search engine is displayed. It will be displayed even if you delete it. What should I do? https://eset-info.canon-its.jp/malware_info/qa/detail/160113.html

・A toolbar is added to the browser

 This type of adware adds a toolbar to the browser without permission. When infected, the toolbar reduces the visible area of the browser window, making pages harder to view when browsing. However, it is easy to get rid of, as you only need to remove the toolbar. Many people may have found that the number of toolbars has increased without their intending it.

・Pop-up ads are displayed

 While you are browsing a website, warnings such as "Spyware detected!" or "Infected!" pop up. The warning is displayed even if you are not actually infected, and it may be displayed multiple times, which is very annoying. In many cases, the sites that users are led to by clicking are used for malicious purposes. It would be good if the damage was limited to buying unnecessary software, but there is a high security risk because the credit card number entered may be leaked as is. People who have been victimized once tend to be targeted repeatedly, and the amount of damage tends to be large. If you click anywhere on the displayed screen, dangerous malware may be downloaded, or a warning screen may be displayed periodically, so please take care to close the tab if it is displayed.

Browser hijacker https://eset-info.canon-its.jp/malware_info/term/detail/00094.html

 Adware infections are mainly caused by the user's own carelessness. For example, when installing free software, you may keep pressing the "Next" button out of habit and install adware along with it. Before you press the "Next" button, you can avoid installing unnecessary software simply by unchecking the check box. However, in some cases the installer prompts you to install it without a proper explanation, so be very careful when installing free software.

 Furthermore, in recent years, there have been reports of cases in which malware, including adware, is embedded in the free software itself. In this case, it is not possible to avoid installing unnecessary software by unchecking the check box during installation. The presence of such free software has been pointed out at famous overseas download sites. In this situation, it can be said that "nothing is more expensive than free", and it seems better to avoid installing free software as much as possible.

 There have also been reports of damage caused by adware infection just by visiting a specific website. Even in these cases, the infection often results from the user's own actions, such as clicking on links or ticking boxes when answering questionnaires. This technique has evolved further, and there is also a technique called "clickjacking" in which a transparent banner is superimposed on a normal banner to invite users to click casually. A casual click can infect you with malicious adware. Adhering to the principle of not accessing suspicious sites as much as possible can be said to be a defensive measure to prevent infection with adware.

Clickjacking https://eset-info.canon-its.jp/malware_info/term/detail/00055.html

 Restricting the user's own actions only goes so far against techniques that have become more sophisticated in recent years. Some security software, such as anti-virus software, can prevent the installation of adware itself. It is effective to always update it to the latest version. Since the OS and browser themselves have strengthened their security measures against adware, it is advisable to keep them up to date as well as the security software. In addition, sites that disseminate security information, including this Malware Information Bureau, also provide information on adware damage and countermeasures as appropriate. Checking such information helps to minimize damage.

 Even if you are infected with adware, the infection basically does not spread via the network the way most malware does. For this reason, it may seem that there is no problem as long as you put up with the annoying advertisements, and it is tempting to leave it as it is. However, leaving adware unattended can lead to other threats such as information theft, so it should be removed as soon as possible. So how do we get rid of it?

 First, try to uninstall any software you suspect. If an application that you did not intend to install is present, you should uninstall it immediately. However, adware is often embedded in the browser's configuration file and cannot be removed using this method. In this case, you may be able to remove it by deleting browser add-ons or extensions, so it is worth trying.

 But the easiest way is to use anti-virus software if you have it installed. Run a file scan on your computer to find and remove all adware. If you do not have such security software installed, you will need to remove it manually. Without security software such as anti-virus software, removing adware is extremely difficult. We strongly recommend stopping adware at the water's edge and not letting it invade in the first place.
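 One way to carry out the browser configuration check described above, as an added example that is not part of the original article: it reads a Chromium-style Preferences JSON and lists the start page, startup pages, search provider and extensions that differ from what the user chose. The key names, the EXPECTED_HOSTS allowlist and the sample data are assumptions constructed for illustration; other browsers and versions store these settings differently.

```python
import json
from urllib.parse import urlparse

# Assumption: hosts the user deliberately set; anything else is listed for review.
EXPECTED_HOSTS = {"www.example.com"}
BROAD_PERMS = {"<all_urls>", "http://*/*", "https://*/*"}

# Constructed sample, shaped like a Chromium-style "Preferences" JSON file (assumed layout).
SAMPLE_PREFS = json.loads("""{
  "homepage": "http://search.hijacker.example/?src=hp",
  "session": {"restore_on_startup": 4,
      "startup_urls": ["https://www.example.com/", "http://search.hijacker.example/"]},
  "default_search_provider_data": {"template_url_data": {
      "short_name": "Hijack Search",
      "url": "http://search.hijacker.example/q?s={searchTerms}"}},
  "extensions": {"settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"from_webstore": false,
          "manifest": {"name": "Deals Toolbar", "permissions": ["tabs", "<all_urls>"]}},
      "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"from_webstore": true,
          "manifest": {"name": "Notes", "permissions": ["storage"]}}}}
}""")

def audit(prefs, expected_hosts=EXPECTED_HOSTS):
    """Return (kind, detail) pairs for settings a browser hijacker typically rewrites."""
    findings = []
    def check_url(kind, url):
        host = (urlparse(url or "").hostname or "").lower()
        if url and host not in expected_hosts:
            findings.append((kind, url))
    check_url("homepage", prefs.get("homepage"))
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == 4:  # 4: open a fixed list of pages
        for url in session.get("startup_urls", []):
            check_url("startup_url", url)
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    check_url("search_provider", search.get("url"))

    # Toolbars and similar add-ons appear as extensions; report side-loaded or broad ones.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = ext.get("manifest", {})
        broad = BROAD_PERMS & set(manifest.get("permissions", []))
        if broad or not ext.get("from_webstore", False):
            findings.append(("extension", f"{manifest.get('name', '?')} ({ext_id})"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_PREFS):
        print(f"{kind:16} {detail}")
```

 To check a real profile, load its Preferences file with json.load() and pass the result to audit().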

The Threat of Adware Becomes Malicious - Based on the Superfish Case https://eset-info.canon-its.jp/malware_info/trend/detail/150518.html

 Just as the target of malware is shifting from personal computers to smartphones, the target of adware is also moving towards smartphones. Adware is installed along with free apps. If advertisements are only displayed on the screen of the free application, that is the normal way for the creator of the application to earn advertising income. However, if you see symptoms such as pop-up ads or unintended websites, you should suspect adware.

 If you notice any suspicious symptoms, immediately delete the app you suspect. Normally, this should be enough to get rid of adware. However, depending on the nature of the app, it may not be possible to remove it completely. As with PC countermeasures, it is desirable not to install suspicious applications as much as possible. Especially for Android devices, the risk of adware infection is higher than for iPhones, so be extra careful. If you still use non-standard apps, we recommend installing security software for smartphones as a countermeasure.

 The line between malware and adware is becoming ambiguous. Adware, whose purpose is to display advertisements, has become malicious, for example by stealing information, and cannot be left unattended. In recent years, a method called "cryptojacking" has also emerged, in which a script for mining virtual currency is embedded in the browser. As IoT advances in the future, it is expected that new methods will emerge along with new technologies and devices.

 The basic security measure is to protect yourself. By failing to do so and using questionable free software or visiting dubious websites, you are exposing yourself to security risks. We should not forget that as technology evolves, so do attack methods, and the first step in countermeasures is to raise our own awareness.