The infamous Ask Toolbar is back in the news again. In the past, it received backlash from security firms for pushing third-party offers to users and making them download software without their consent or knowledge. It is well known that security software vendors like Microsoft have categorized Ask Toolbar as a Potentially Unwanted Program. But the latest report from IT security firm Red Canary has revealed that attackers attempted to convert Ask Toolbar’s latest update into malware.
Red Canary found that the toolbar updater feature was actually delivering malware. Furthermore, the firm detected suspicious activity that was directly traced to the Ask Toolbar Updater. The toolbar is bundled with Java installations, which is why a majority of users fail to notice the option to download other software that Ask Toolbar suggests and end up installing those unwanted programs.
The report also reveals that this time, Ask Toolbar itself isn’t to blame: unknown cyber-criminals simply exploited the legitimate Ask Toolbar Updater service by inserting malware into it.
Red Canary could not determine the real identity of the attackers, but after a deep-dive test and evaluation, the researchers were able to conclude that a Trojan was causing issues in the update, while the malicious code remained undetected by anti-virus programs because the attackers had managed to get it signed and authorized by the Ask Toolbar team. However, their malicious aims were brought to light by security services that were actually looking for anomalies. It was later learned that the attackers were trying to convert Ask Toolbar into a malware program.
According to Red Canary’s CSO Keith McCammon, after installing the unwanted software on the user’s computer system, the malware brings in secondary malware such as banking Trojans or similar online-fraud code. There wasn’t any single pattern for installing the secondary payloads, and more than one type of secondary malware was identified on a dozen systems.
Therefore, McCammon believes that the attackers were probably experimenting with different kinds of malware to find out which would best fulfill their malicious purposes. However, there is no indication of mass distribution of any of the malware.
When contacted, Ask stated that the company has already blocked the attacks and issued updates.
Source: Red Canary (https://blog.redcanary.com/ask-partner-network-compromise)