12 million PCs worldwide found to have a backdoor developed by Tuto4PC
In one of the biggest scandals of 2016, nearly 12 million PCs were found to carry a backdoor that, running with administrator rights, effectively handed control of those machines to the software's developers.
Security researchers from Cisco discovered a piece of software that installed backdoors on 12 million computers around the world. The researchers determined that the application, which is installed with administrator rights, is capable not only of downloading and installing other software, such as the known scareware System Healer, but also of harvesting personal information. Furthermore, they found that the software is designed to detect the presence of sandboxes, antivirus products, security tools, forensic software and remote access tools, the kind of evasion normally associated with malware rather than advertising software.
The software, which exhibits both adware and spyware behaviour, was developed by an obscure French advertising company called Tuto4PC. A close associate of the firm, Wizzlabs, had earlier been reprimanded by French authorities for installing spyware and harvesting users' personal details.
The Cisco researchers analysed Tuto4PC’s OneSoftPerDay application and uncovered roughly 7,000 unique samples with names containing the string “Wizz,” including “Wizzupdater.exe,” “Wizzremote.exe” and “WizzInstaller.exe.” The string also showed up in some of the domains the samples had been communicating with.
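The "Wizz" naming described above is the kind of indicator an incident responder would turn into a quick triage check. The following is an added example, not code from Cisco Talos or the article: it scans a constructed process listing and a constructed DNS log for the three filenames the article names and for any other name containing the string "Wizz". The sample data, the log format (timestamp, client, query name) and the `.example` domains are all assumptions made for the demonstration.

```python
"""Host/DNS triage for the Tuto4PC 'Wizz' indicators (added example, not Talos code)."""
import re
from dataclasses import dataclass

# Filenames the article names explicitly (compared case-insensitively).
KNOWN_WIZZ_BINARIES = {"wizzupdater.exe", "wizzremote.exe", "wizzinstaller.exe"}
# Looser check for the ~7,000 other samples whose names contain the string.
WIZZ_PATTERN = re.compile(r"wizz", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    source: str   # "process" or "dns"
    value: str    # the path or query name that matched
    reason: str   # why it was flagged


def scan_processes(process_paths):
    """Flag process image paths that match a known name or contain 'Wizz'."""
    hits = []
    for path in process_paths:
        basename = path.replace("\\", "/").rsplit("/", 1)[-1]
        lowered = basename.lower()
        if lowered in KNOWN_WIZZ_BINARIES:
            hits.append(Hit("process", path, "known Tuto4PC sample name"))
        elif WIZZ_PATTERN.search(lowered):
            hits.append(Hit("process", path, "unlisted binary containing 'Wizz'"))
    return hits


def scan_dns_log(lines):
    """Flag queried names containing 'Wizz'. Log format is assumed: '<ts> <client> <qname>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed record, skip rather than crash
        qname = parts[2].rstrip(".")
        if WIZZ_PATTERN.search(qname):
            hits.append(Hit("dns", qname, "query to a name containing 'Wizz'"))
    return hits


def triage(process_paths, dns_lines):
    """Return all hits plus a summary; a bare substring match is a lead, not a verdict."""
    hits = scan_processes(process_paths) + scan_dns_log(dns_lines)
    summary = {
        "known_samples": sum(1 for h in hits if h.reason.startswith("known")),
        "substring_only": sum(1 for h in hits if not h.reason.startswith("known")),
    }
    return hits, summary


# Constructed sample input (not real telemetry).
SAMPLE_PROCESSES = [
    r"C:\Windows\explorer.exe",
    r"C:\Program Files\OneSoftPerDay\Wizzupdater.exe",
    r"C:\Users\alice\AppData\Local\Temp\wizzhelper.exe",
    r"C:\Windows\System32\svchost.exe",
]
SAMPLE_DNS_LOG = [
    "2016-05-04T10:02:11Z 10.0.0.12 www.example.com.",
    "2016-05-04T10:02:14Z 10.0.0.12 update.wizz-updates.example.",
    "garbled line",
]

if __name__ == "__main__":
    found, counts = triage(SAMPLE_PROCESSES, SAMPLE_DNS_LOG)
    for h in found:
        print(f"[{h.source}] {h.value}: {h.reason}")
    print(counts)
```

Treat substring-only hits as leads to pivot on (parent process, signer, install path, the contacted domain's registration) rather than as a verdict: an unrelated program whose name happens to contain "wizz" will match too, which is why the output separates known sample names from looser matches.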
These full-fledged spying features led Cisco Talos to classify the Tuto4PC software as a "full backdoor capable of a multitude of undesirable functions on the victim machine."
Cisco researchers detected the backdoor on roughly 12 million devices. Analysis of a sample set revealed infections in the United States, Australia, Japan, Spain, the UK, France and New Zealand.
“Based on the overall research, we feel that there is an obvious case for this software to be classified as a backdoor. At minimum it is a potentially unwanted program (PUP). There is a very good argument that it meets and exceeds the definition of a backdoor,” Cisco Talos researchers said in a blog post.
“The creation of a legitimate business, multiple subsidiaries, domains, software and being a publicly listed company do not stop this adware juggernaut from slowing down their attempts to push their backdoors out to the public,” they added.