MPlayerX began to be associated with malware about two years ago, or possibly even longer. Back in 2014, an emerging piece of adware that soon crossed the line to malicious behavior, called VSearch, was frequently associated with MPlayerX installers. At the time, many people assumed that MPlayerX was being used in the same manner that Adobe Flash Player often is - innocent software used to trick people into running a shady installer.

MPlayerX began to be so synonymous with the VSearch adware that Google searches for "MPlayerX" began to show prominently-featured hits for "MPlayerX removal." Worse, it eventually became apparent that MPlayerX was not simply an innocent victim.

In early 2015, MPlayerX wasn't being distributed with VSearch anymore. Unfortunately, this didn't turn out to be good news, as it was soon discovered that the official MPlayerX installer, downloaded directly from the MPlayerX website, had started to include the IronCore adware.

The bad behavior didn't stop there, however. The official MPlayerX installer began to attempt to defy analysis!

Malware will frequently exhibit analysis avoidance behavior. This means that if it feels that it is being analyzed by a security researcher or automated security software, it will act innocent, showing none of its malicious behaviors. Thus, if a researcher or tool is not aware that the program is malicious, it avoids sending up any red flags that would trigger a more thorough analysis.