Think Twice Before You Install An Ad Blocker On Your Device: You Won’t Realize It, But It Might Be Malware!
Since the beginning of February, several applications have been spotted planting a Monero cryptocurrency miner on users’ computers. According to the Kaspersky report, this cryptominer-plus-ransomware bundle was distributed through malicious websites that surfaced in users’ search results. The hybrid malware, which was previously disguised as an antivirus installer, targeted more than 2,500 users a day; this time it was disguised as an ad blocker and as the OpenDNS service.
The hybrid malware is distributed under the name AdShield Pro, presented as a Windows version of the AdShield mobile ad blocker. Once the user installs the ad blocker, the device’s DNS settings are silently changed, so every domain is resolved by servers under the attacker’s control. This blocks the victim from reaching their existing antivirus vendor, leaving the computer with no protection against further trojans.
That’s Not All, The Situation Gets Even Worse. How? Read On!
The story doesn’t end here! The malware additionally installs a legitimate version of the Transmission BitTorrent Client on your computer to create a backdoor for hackers, so that they can remotely access your PC.
Once the DNS servers have been substituted, the malware starts updating itself by running the executable file update.exe with the argument self-upgrade (“C:\Program Files (x86)\AdShield\updater.exe” -self-upgrade). The self-updater contacts the C&C server and sends it information about the infected machine, starting with details of the installation. Some of the command lines in this executable are encrypted, which makes static detection more difficult.
The updater then downloads a modified version of the Transmission torrent client from the site transmissionbt[.]org. Throughout this process the malware keeps sending information about the infected machine to the C&C server and downloads the mining module from it.
However this ad blocker ends up on your device, the malicious code spreads across your disk, locks up your data and starts mining Monero. To keep the miner running, the attackers register a servicecheck_XX task in Windows Task Scheduler.
How To Get Rid Of The Miner?
According to Kaspersky’s recent blog post, the miner can be removed by replacing the impersonated file with the legitimate one from official sources. If you find a flock.exe process running on your system, end the process and uninstall ad blockers such as AdShield and NetShieldKit, as well as OpenDNS and the Transmission torrent client. You should also consider removing the following folders if they are present:
Finally, complete the process by deleting the servicecheck_XX task from Windows Task Scheduler.
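The indicators described above (rewritten DNS servers, the updater in the AdShield folder, the servicecheck_XX task, the flock.exe process and the programs named in the removal steps) can be checked in one pass. The script below is an added example written for this page; it is not code from the article or from Kaspersky. It assumes a script name of Find-AdShield.ps1, that the task name always starts with servicecheck_, and that the programs to look for can be matched by the display names AdShield, NetShieldKit, OpenDNS and Transmission in the Windows uninstall registry keys. The AdShield folder path is the one quoted in the article.

```powershell
# Added example, not from the article or from Kaspersky: audit a Windows host for the indicators the
# article lists (altered DNS servers, flock.exe, the servicecheck_XX task, the AdShield folder and the
# installed programs named in the removal steps) and, with -Remove, undo the ones that are safe to undo
# automatically. Run from an elevated PowerShell 5.1+ session.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # without this switch the script only reports
)

$SuspectProcess  = 'flock'                                        # flock.exe, as named in the article
$TaskNamePattern = 'servicecheck_*'                               # servicecheck_XX in Task Scheduler
$SuspectFolder   = 'C:\Program Files (x86)\AdShield'              # path quoted in the article
$SuspectPrograms = 'AdShield|NetShieldKit|OpenDNS|Transmission'   # assumed display names to look for

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Type, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Detail = $Detail })
}

# 1. DNS servers per interface. The malware points these at attacker-controlled resolvers, so every
#    domain is answered by the attacker. Compare the list with the resolvers your network should use;
#    this is reported only, because the correct values depend on the network.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object { Add-Finding 'DNS' "$($_.InterfaceAlias): $($_.ServerAddresses -join ', ')" }

# 2. The flock.exe process the article tells you to end.
Get-Process -Name $SuspectProcess -ErrorAction SilentlyContinue | ForEach-Object {
    Add-Finding 'Process' "$($_.ProcessName) (PID $($_.Id)) $($_.Path)"
    if ($Remove -and $PSCmdlet.ShouldProcess("$($_.ProcessName) PID $($_.Id)", 'Stop-Process')) {
        Stop-Process -Id $_.Id -Force
    }
}

# 3. The scheduled task used for persistence (the wildcard covers whatever follows servicecheck_).
Get-ScheduledTask -TaskName $TaskNamePattern -ErrorAction SilentlyContinue | ForEach-Object {
    Add-Finding 'ScheduledTask' "$($_.TaskPath)$($_.TaskName)"
    if ($Remove -and $PSCmdlet.ShouldProcess($_.TaskName, 'Unregister-ScheduledTask')) {
        Unregister-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath -Confirm:$false
    }
}

# 4. The installation folder that holds updater.exe.
if (Test-Path -LiteralPath $SuspectFolder) {
    Add-Finding 'Folder' $SuspectFolder
    if ($Remove -and $PSCmdlet.ShouldProcess($SuspectFolder, 'Remove-Item -Recurse')) {
        Remove-Item -LiteralPath $SuspectFolder -Recurse -Force
    }
}

# 5. Installed programs named in the removal steps. Reported only: review the entry, then uninstall
#    it through its UninstallString or through Apps & Features.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $SuspectPrograms } |
    ForEach-Object { Add-Finding 'InstalledProgram' "$($_.DisplayName) -> $($_.UninstallString)" }

# 6. Report. A non-zero exit code lets the script double as a fleet-wide check.
if ($findings.Count -eq 0) {
    Write-Output 'No AdShield indicators found.'
    exit 0
}
$findings | Format-Table -AutoSize
exit 1
```

Run `.\Find-AdShield.ps1` to report only, `.\Find-AdShield.ps1 -Remove -WhatIf` to preview what would be stopped or deleted, and `.\Find-AdShield.ps1 -Remove` to act. The DNS entries are deliberately left untouched; once you have confirmed they are wrong, `Set-DnsClientServerAddress -InterfaceAlias '<name>' -ResetServerAddresses` returns an interface to the resolvers it gets from DHCP.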
How Do I Use Systweak Antivirus?
With this set of features, Systweak Antivirus is designed to give you the best protection as conveniently as possible. To safeguard your system, follow the steps below to learn how to use Systweak Antivirus.
STEP 1- Install Systweak Antivirus and the security application will launch automatically.
STEP 2- From the main dashboard, click the magnifying glass icon and choose the desired scanning mode: Quick Scan, Deep Scan, or Custom Scan.
STEP 3- Confirm the scan and let the PC security solution check every nook and cranny of your system and eliminate all potential threats!
You’ll get the alert – Your PC is protected from harmful threats!
If you want ad blocking with no fuss, you can also try switching to the Brave browser. If you have ever installed or used AdShield Pro, let us know about your experience in the comments section below!