Variant of January’s Browser Adware pBot is now Installing Crypto Miners too!

It is easier to hack a head, instead of a computer system

A new variant of python based adware PythonBot or PBot is being distributed out in the open. This adware is not only injecting ads but also installing malicious browser extensions and crypto miner into the targeted devices.

How does this work?
The adware dubbed as Pbot is distributed via pop-up ads that eventually redirect users to a download page.

If the user clicks anywhere on the downloaded page, a file named as “update.hta” is downloaded on the victim’s system. If the user executes the file, a PBot installer gets downloaded from a remote command-and-control server.

This bot uses "brplugin.py" script to generate DLL file and then inject it into the launched browser to install the ad extension on the targeted system.

This browser extension installed by PBot typically adds various banners to the page and redirects the user to advertising sites.

Ankush Johar, director at Infosec Ventures, said: "Humans are the weakest link in cybersecurity and hackers are well aware of that. They have always been using these kinds of social engineering tactics to convince victims into downloading their malware/adware because that’s the easy way. It is easier to hack a head, instead of a computer system. Hence, it is the users who have to take necessary precautions to save themselves from these kinds of attacks. Remember- Your security lies in your own hands. Think before you click!"

Few tips that should be kept in mind:
* Never click on unknown links, even if it seems to be coming from a known person. You can test the authenticity of the link by hovering your mouse over the link. This will display the correct address to which the link is redirecting.

* Don’t download files from unknown sources, they can be infected with data-stealing malware hidden behind a genuine looking app. Stay away from pirated software too.

* Use a legitimate antivirus software for your system.

* Regularly install OS and software updates to keep yourself secure from new exploits.


Tags assigned to this article:
Variant Browser Adware pBot Crypto Miners Adware

Advertisement

Around The World