A campaign pushing the potentially unwanted app downloader ICLoader was found to be dropping malware in addition to its traditional advertising and useless software.
Trend Micro researchers found that the actors behind ICLoader began distributing a variety of botnets, cryptocurrency miners and even GandCrab ransomware late last year using three different methods, all of which are still active.
“Pop-up ads were used to distribute the malware on file sharing websites and over a hundred fake software sharing websites — all of which are still live at the time of writing. The distributors of ICLoader seem to be targeting users who are actively looking for specific software since even the pop-up ads are hosted on sites that supposedly share software,” said Joseph Chen, fraud researcher for Trend Micro.
Other distribution methods include fake software sharing websites and fake torrent sharing sites. The fake software sites included detailed descriptions of the software and “free download” buttons that supposedly lead to the cracked versions of the software, but in fact redirect the users to download various PUA downloader software, primarily ICLoader.
The fake torrent sites also lead to an ICLoader downloader page.
To avoid having unwanted apps or, worse, malware downloaded onto their computers, end users should only utilize a trusted website from which to download software, and they also need to make sure their systems are patched and running the latest version of their operating system, Chen said.