Security Alert Big Surprise: Chinese PUPs Deliver Backdoored Drivers

Discussion in 'News Archive' started by Solarquest, Mar 20, 2017.

  1. Solarquest

    Solarquest Level 27
    Trusted AV Tester

    Jul 22, 2014
    1,605
    11,744
    Male
    A driver secretly installed via PUP packages for Chinese software contains backdoors enabling a third party to load unsigned drivers or to execute code with higher privileges on a Windows machine.

    The backdoor was discovered by Malwarebytes researchers as part of various bundled software packages pushed by at least two major PUP bundler networks.
    The PUP installer drops a series of 7-Zip archives on each victim's computer. These archives contain the PUP application's resources, including 32- and 64-bit versions of a driver that is forcibly and silently installed on the user's computer without their knowledge.

    Backdoor enables two possible actions

    More info in the link above
     
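    A silently dropped kernel driver is exactly the kind of thing an administrator can catch by auditing what is registered on the host. The script below is an added example written for this thread, not code from the article or from Malwarebytes: it lists every registered Windows kernel driver, checks its Authenticode (or catalog) signature, and flags drivers that are unsigned, have a broken signature, or are signed by a publisher other than Microsoft. It assumes it is run from an elevated PowerShell prompt and that driver image paths use the usual service-path shapes handled in `Resolve-DriverPath`.

```powershell
# Added example (not from the article or Malwarebytes): inventory registered
# kernel drivers and flag any that are not validly signed by Microsoft.
# Assumes an elevated prompt; Get-AuthenticodeSignature also consults catalogs.

function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    # Service image paths come in several shapes: "\??\C:\...",
    # "\SystemRoot\System32\...", "System32\drivers\foo.sys" (relative to
    # %SystemRoot%), or a plain absolute path. Normalise them to an absolute path.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverSignatureReport {
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        $path = Resolve-DriverPath $drv.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) {
            # A registered driver whose image is gone is itself worth noting.
            [pscustomobject]@{ Name = $drv.Name; State = $drv.State
                               Status = 'FILE-MISSING'; Signer = ''; Path = $drv.PathName }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{
            Name   = $drv.Name
            State  = $drv.State           # Running / Stopped
            Status = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = $signer
            Path   = $path
        }
    }
}

# Anything that is not a validly signed Microsoft-published driver deserves a look.
$suspect = Get-DriverSignatureReport | Where-Object {
    $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}
$suspect | Sort-Object State -Descending | Format-Table Name, State, Status, Signer -AutoSize
```

    Third-party drivers that passed WHQL are countersigned under a Microsoft publisher subject, so they will not appear in `$suspect`; review unfamiliar names in the full report as well, and treat a Running driver you never installed as the priority.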
  2. monsterturckpa

    monsterturckpa Level 5

    Nov 10, 2016
    200
    482
    Female
    student
    Germany
    Windows 7
    Emsisoft
    Scary.
    There are many dangerous free programs offered on giveaway websites, as if everything is normal; they even come signed with a certificate, LOL.
    There are even theories that some trusted programs already do it.
    You cannot trust anyone, but living with worries is bad for your health.
     
  3. xywcloud

    xywcloud Level 38

    Aug 8, 2013
    2,718
    14,301
    Male
    Windows 7
    Well, it's very common in China:)
    I have collected so many samples which have this behavior.
     
  4. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    1,860
    7,718
    AppGuard LLC, Virginia, U.S.
    No one has to live that way anymore... just use default-deny\system lock-down instead of default-allow.
     
  5. Entreri

    Entreri Level 5

    May 25, 2015
    235
    463
    Male
    No surprise. I wouldn't even trust Chinese "security/AV" companies. Once IBM sold their great laptop brand to Lenovo, lol.

    If I was going to build a business, I would only use Apple products.

    I just bought a cheap Motorola smartphone, no way will I ever do banking on it...
     
  6. monsterturckpa

    monsterturckpa Level 5

    Nov 10, 2016
    200
    482
    Female
    student
    Germany
    Windows 7
    Emsisoft
    YEAH! hehehehehe
     
  7. _CyberGhosT_

    _CyberGhosT_ Level 49
    Trusted

    Aug 2, 2015
    3,850
    25,110
    Male
    Private Contractor For BNSF
    Central US
    Linux Mint
    Default-Deny
    Not surprising in the least, and that's all I will say on this seeing we have so many Chinese AV software
    fans here. :rolleyes:
    Cool Share Solar :)
     
  8. generalwu

    generalwu Level 4

    Jan 25, 2016
    182
    390
    Male
    Software Engineer
    Singapore
    Windows 10
    Avast
    As the saying goes, "There's no free lunch in this world".

    Especially applicable to all Chinese made software. :p

    The way they push PUPs to users is downright aggressive.
    But the carrots are too sweet for normal users so they take the bait.:cool:
     
  9. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    1,860
    7,718
    AppGuard LLC, Virginia, U.S.
    "Users want to use things" --- and the unfortunate end result is a lot of infections.
     
  10. spaceoctopus

    spaceoctopus Level 8

    Jul 13, 2014
    390
    2,180
    Male
    Distant galaxy
    Windows 10
    ESET
    Great work from Malwarebytes as always!;)
     
  11. larry goes to church

    Mar 10, 2017
    100
    141
    antartica
    Elementary OS
    Qihoo 360
    This is becoming more and more commonplace in the current marketplace.