nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

McAfee outs malware dev firm with scores of Download.com installs

Just don't download anything from 'Lavians' - it's probably wrapped in horror

By Darren Pauli, 11 Aug 2016

McAfee says a software company with more than 50,000 downloads on sites such as Download.com is distributing web browser hijacking and fraud malware.

Researcher Santosh Revankar says Lavians Inc is pushing the Bing.vc browser redirect and home page hijacker which creates seeming problems that the company then attempts to fix at a cost.

The technique is straight out of the black hat fraud handbook and is used by low level and lowly web scum who take advantage of the proliferation of trash software to inject advertisements, and drop all manner of malware on user machines.

Lavians Inc has 19 uploads currently hosted on Download.com and 24 on Brothersoft.com, along with applications on its own site.

Revankar says "several other" Lavians Inc applications are formerly clean applications that have been wrapped up with malicious content and posted to infect users.

"We have come across several files from Lavians Inc that look like legitimate applications but may pose a serious risk," Revankar says

"We have observed that Lavians Inc is repackaging clean applications with a browser hijacker to avoid suspicion and to increase its outreach."

A Virus Total hash check against a Lavians purported driver application for Dell machines finds it is classifed as a advertising trojan by ESET, Microsoft, Ikarus, and Antiy-AVL, but cleared by others under the site's indicative static analysis.

Ad injection and browser redirection are a top enemy of Google and Microsoft.

Google last year found some 84,000 injectors and apps targeted Chrome including 50,000 browser extensions and 34,000 applications. It has cracked down on those, ejecting the extensions, and flagging sites that host the malicious apps as dangerous.

Large software download sites are a hated web relic in infosec circles because security checks are often scanty, while bundler installation programs make direct efforts to trick their users into installing unwanted apps that increase PC attack surfaces. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing