PBot: This evolving adware installs malicious browser extensions
Security researchers at Kaspersky Lab have discovered new Python-based adware that targets Windows-based computers.
Dubbed PBot, or PythonBot, the adware not only floods an infected computer with advertisements but also installs malicious ad extensions in the browser and a hidden cryptocurrency miner on the victim's computer.
The researchers discovered the first member of the PBot family over a year ago, and since then the adware has evolved through several modifications to the program. In April alone, the company detected more than 50,000 attempts to install PBot on computers of users of Kaspersky Lab products.
The number of attempts is increasing, indicating that this adware is on the rise. The most affected users are from Russia, Ukraine, and Kazakhstan.
"Developers are constantly releasing new versions of this modification, each of which complicates the script obfuscation," wrote Kaspersky's Anton V. Ivanov in a blog post.
"Another distinctive feature of this PBot variation is the presence of a module that updates scripts and downloads fresh browser extensions."
The browser extension installed by PBot adds various banners to the page and redirects the user to advertising sites to generate revenue. Meanwhile, the cryptominer uses the system's computing power (CPU) to generate cryptocurrency.
At present, PBot is distributed through malicious partner sites whose pages implement scripts to redirect users to sponsored links. Once the user visits the partner site, clicking anywhere on the page opens a new browser window with an intermediate link that redirects the user to the PBot download page. Clicking on the link there downloads an ".hta" file, which, once clicked, downloads the PBot installer.
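The delivery chain described above ends with a downloaded ".hta" file fetching an installer, and on Windows such files are run by mshta.exe by default. The following detection sketch is an added example, not code from Kaspersky or the original article; the event field names, paths, PIDs and file names are constructed assumptions loosely modelled on process-creation logs.

```python
import re
from ntpath import basename

# Constructed process-creation events; every path, PID and file name
# below is invented for illustration (hypothetical field names).
EVENTS = [
    {"pid": 4100, "ppid": 900, "cmd": "chrome.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"pid": 4212, "ppid": 4100, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r'"C:\Windows\System32\mshta.exe" "C:\Users\alice\Downloads\update.hta"'},
    {"pid": 4300, "ppid": 4212,
     "image": r"C:\Users\alice\AppData\Local\Temp\setup_installer.exe",
     "cmd": r"C:\Users\alice\AppData\Local\Temp\setup_installer.exe /S"},
    {"pid": 4400, "ppid": 900, "image": r"C:\Windows\System32\notepad.exe",
     "cmd": r"notepad.exe C:\Users\alice\notes.txt"},
    # An .hta shipped with installed software: not in a user-writable path.
    {"pid": 4500, "ppid": 900, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},
]

# Path of an .hta file passed on the command line.
HTA_ARG = re.compile(r'([A-Za-z]:\\[^"]*?\.hta)\b', re.IGNORECASE)
# Directories where a browser download typically lands.
USER_WRITABLE = re.compile(r"\\(Downloads|AppData\\Local\\Temp|Temp)\\",
                           re.IGNORECASE)

def find_hta_chains(events):
    """Flag mshta.exe running an .hta from a user-writable directory and
    list the processes it spawned (candidate downloaded installers)."""
    children = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)
    findings = []
    for e in events:
        if basename(e["image"]).lower() != "mshta.exe":
            continue
        m = HTA_ARG.search(e["cmd"])
        if not m or not USER_WRITABLE.search(m.group(1)):
            continue
        findings.append({
            "hta": m.group(1),
            "mshta_pid": e["pid"],
            "spawned": [c["image"] for c in children.get(e["pid"], [])],
        })
    return findings

if __name__ == "__main__":
    for f in find_hta_chains(EVENTS):
        print(f)
```

The check keys on behaviour (an HTML Application launched from a download location that then starts another executable) rather than on file names or hashes, which matters for a family whose obfuscation changes with each release.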
"In pursuit of profit, adware owners often resort to installing their products on the sly, and PBot developers are no exception. They release new versions (and update them on user computers), complicating their obfuscation to bypass protection systems," Ivanov concluded.
If you are a Windows user, it is suggested that you do not click on links sent by unknown senders and also avoid visiting unknown sites. Also, ensure that your computer is up-to-date.