French Security Researcher Uncovers Adware Delivery Scheme Targeting KeePass, Audacity and More

Written by Nitish Singh
Published on July 28, 2018

Thousands of users across the world are being tricked into downloading adware according to French security researcher Ivan Kwiatkowski. Multiple domains targeting Spanish and French-speaking internet users have been created as clones of web pages of popular software. With legitimate-looking URLs and even instances of legitimate software on offer, the scammers are bundling InstallCore adware with free applications like KeePass, Inkscape, and Audacity.

Kwiatkowski discovered the first website that was part of the campaign earlier this week, and after installing the bundled adware, he was able to track other websites that contained the malicious software. With legitimate versions of the apps being available on the clone websites and the InstallCore being an optional download, many gullible users have downloaded the software into their system unknowingly.

This is not the first time such a campaign has been run on the internet. In the past instances of tab hijackers, cryptocurrency miners, search hijackers and other malicious software have been found bundled with legitimate apps on clone websites. For each download that a bundler generates, revenue is generated for successfully injecting the malicious app to a user PC.

Most of the domains that were being used to inject the adware use a .es or .fr TLD in the URLs. Kwiatkowski identified the campaign to be managed by a single PC only. All of the flagged websites have been taken down, but it is likely that similar delivery schemes will resurface in the future. Kwiatkowski recommends scanning all software before installation even if downloaded from official sources. It's recommended to use a quality antivirus tool for effective removal of any malicious software.

What do you think about the cloned websites that were discovered? Let us know in the comments below. Get instant updates on TechNadu’s Facebook page, or Twitter handle.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: