• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 26th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security
Malware

PBot adware spams ads & installs cryptominer on Windows PCs

June 26th, 2018 Waqas Security, Malware 0 comments
PBot adware spams ads & installs cryptominer on Windows PCs
Share on FacebookShare on Twitter

The IT security researchers at Kaspersky have discovered an adware written in Python language targeting Windows-based computers.

Dubbed PBot (PythonBot) by researchers; the adware not only spams an infected computer with advertisements but also installs cryptocurrency miner and ad extensions in the browser – This means the PBot is much more than a typical adware.

Originally, the adware was discovered over a year ago, however, according to Kaspersky researcher it has made a come back with additional capabilities and only in April, the company observed 50,000 attempts to install itself on computers.

The number of attempts is increasing and the most impacted users are from Kazakhstan, Latvia, Ukraine, and Russia.

“Developers are constantly releasing new versions of this modification, each of which complicates the script obfuscation,” wrote Kaspersky’s Anton V. Ivanov in a blog post. “Another distinctive feature of this Pbot variation is the presence of a module that updates scripts and downloads fresh browser extensions.”

The browser extension is used to spam banners on the page visited by the victim which redirects them to advertising sites to generate revenue – All this while the cryptominer uses computing power (CPU) of the system to generate cryptocurrency.

PBot adware spams ads & installs cryptominer on Windows PCs

A Pop-up window with an ad clip on Kaspersky’s website (Image credit: Kaspersky)

Currently, PBot is being distributed through malicious partner sites who redirect visitors to sponsored links. Once there, clicking anywhere on the page opens a new browser window with a link with PBot download page. Moreover, clicking on the link delivers an “.hta” file which once clicked installs PBot on the computer.

“In pursuit of profit, adware owners often resort to installing their products on the sly, and PBot developers are no exception. They release new versions (and update them on user computers), complicating their obfuscation to bypass protection systems,” Ivanov concluded.

For more technical details visit Kaspersky’s blog post.

PBot is the third malware that has been caught in the past few days targeting Windows-based computers. A couple of days ago, MyloBot malware was found adding computers to a botnet of compromised IoT (Internet of Things) devices to carry out DDoS, malware and ransomware attacks.

On June 18th, Zacinlo adware was caught infecting Windows 10, Windows 7 and Windows 8 PCs. Like PBot, Zacinlo is also capable of multitasking including spamming devices with ads, stealing user data and spy on victims by taking screenshots of their online activities.

If you are a Windows user, watch out for PBot and refrain from visiting unknown sites or clicking links sent by unknown senders. Moreover, keep your computer updated and run a full-system scan.

  • Tags
  • Adware
  • Cryptomining
  • hacking
  • Kaspersky
  • Microsoft
  • Python
  • Scam
  • security
  • Technology
  • Windows
Facebook Twitter LinkedIn Pinterest
Previous article Voice records of millions of Brits stored by tax agency without consent
Next article Firefox Monitor tool informs users if they have been hacked
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
TikTok vulnerability allowed hackers to access users' phone numbers

TikTok vulnerability allowed hackers to access users' phone numbers

Watch out as new Android malware spreads through WhatsApp

Watch out as new Android malware spreads through WhatsApp

SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
TikTok vulnerability allowed hackers to access users' phone numbers
Security

TikTok vulnerability allowed hackers to access users' phone numbers

37
Why you should never use free a VPN
Drones

Why you should never use free a VPN

24
Watch out as new Android malware spreads through WhatsApp
Security

Watch out as new Android malware spreads through WhatsApp

199

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us