PythonBot Adware Installs Cryptominer on Windows PCs

PBot: This evolving adware installs malicious browser extensions

Security researchers at the Kaspersky Lab have discovered a new Python-based adware that are targeting Windows-basedย computers.

Dubbed PBot, orย PythonBot, the adware not only floods an infected computer withย advertisements but alsoย installs malicious ad extensions in the browser and hidden cryptocurrency miner on victimโ€™s computer.

The researchers had discovered the first member of the PBot family over a year ago, and since then the adware has evolved with several modifications to the program. In April itself, the company detected more than 50,000 attempts to install PBot on computers of users of Kaspersky Lab products.

The number of attempts is increasing indicating that this adware is on the rise. The most affected users are fromย Russia, Ukraine, and Kazakhstan.

โ€œDevelopers are constantly releasing new versions of this modification, each of which complicates the script obfuscation,โ€ wroteย Kasperskyโ€™s Anton V. Ivanov in aย blog post.

โ€œAnother distinctive feature of this PBot variation is the presence of a module that updates scripts and downloads fresh browser extensions.โ€

The browser extension installed by PBot basically adds various banners to the page and redirects the user to advertising sites to generate revenue. All this while, theย cryptominerย uses computing power (CPU) of the system to generateย cryptocurrency.

At present, PBot is distributed through malicious partner sites whose pages implement scripts to redirect users to sponsored links. Once the user visits the partner site, clicking anywhereย on the page opens a newย browser window with an intermediate link that redirects the user to theย PBot download page. Further, clicking on the link downloads an โ€œ.htaโ€ file, which once clicked downloads the PBot installer.

โ€œIn pursuit of profit, adware owners often resort to installing their products on the sly, and PBot developers are no exception. They release new versions (and update them on user computers), complicating their obfuscation to bypass protection systems,โ€ย Ivanov concluded.

If you are a Windows user, it is suggested that you do not click on links sent by unknown senders and also avoid visiting unknown sites. Also, ensure that your computer is up-to-date.

Source: Kaspersky via Hack Read

Subscribe to our newsletter

To be updated with all the latest news

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post