Security Alert Big Surprise: Chinese PUPs Deliver Backdoored Drivers

Discussion in 'Latest Security News' started by Solarquest, Mar 20, 2017 at 6:05 PM.

  1. Solarquest

    Solarquest Level 23
    Trusted AV Tester

    Joined:
    Jul 22, 2014
    Messages:
    1,298
    Likes Received:
    8,396
    A driver secretly installed via PUP packages for Chinese software contains backdoors enabling a third party to load unsigned drivers or to execute code with higher privileges on a Windows machine.

    The backdoor was discovered by Malwarebytes researchers as part of various bundled software packages pushed by at least two major PUP bundler networks.
    The PUP installer drops a series of 7-Zip archives on each victim's computer. These archives contain the PUP application's resources, including 32- and 64-bit versions of a driver that is forcibly and silently installed on the user's computer without their knowledge.

    Backdoor enables two possible actions

    More info in the link above
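    Since the post describes a driver that is dropped silently alongside a bundled installer, a defender's first question is which kernel drivers on a host were not shipped by Microsoft and when they appeared. The following PowerShell script is an added example (not from the thread or from the Malwarebytes write-up) that builds that inventory; it reports every driver whose signer is not Microsoft, whether or not the signature validates, because a valid third-party signature says nothing about what the driver does. It assumes a Windows host with PowerShell 5.1 or later, run from an elevated prompt; the function names are the example's own.

```powershell
# Added example, not code from the thread: list kernel drivers not signed by
# Microsoft, with signature status and on-disk modification time, so that a
# silently dropped third-party driver stands out. Assumes Windows, PowerShell 5.1+.

function Resolve-DriverPath {
    param([string]$RawPath)
    if ([string]::IsNullOrWhiteSpace($RawPath)) { return $null }
    # Win32_SystemDriver.PathName may carry NT-style prefixes or be relative
    # to the Windows directory; normalize to a plain Win32 path.
    $p = $RawPath -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ThirdPartyDriverReport {
    param(
        # Signer subject fragments treated as expected; everything else is reported.
        [string[]]$TrustedSignerPattern = @('O=Microsoft Corporation', 'O=Microsoft Windows')
    )
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        $trusted = $false
        foreach ($pat in $TrustedSignerPattern) {
            if ($subject -like "*$pat*") { $trusted = $true; break }
        }
        # Keep only drivers that are unsigned, invalidly signed, or signed by a
        # non-Microsoft party; an unexpected signer is still worth a look.
        if ($trusted -and $sig.Status -eq 'Valid') { return }
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State
            StartMode = $_.StartMode
            SigStatus = $sig.Status
            Signer    = $subject
            Modified  = (Get-Item -LiteralPath $path).LastWriteTime
            Path      = $path
        }
    } | Sort-Object Modified -Descending
}

# Newest-modified entries first: a driver file that appeared at the same time
# as a freshly installed bundle is the artifact to investigate.
Get-ThirdPartyDriverReport | Format-Table -AutoSize
```

Compare the output against a known-good baseline from a clean image; the useful signal is a new entry, not the absolute count of third-party drivers.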
     
  2. monsterturckpa

    monsterturckpa Level 3

    Joined:
    Nov 10, 2016
    Messages:
    100
    Likes Received:
    266
    OS:
    Windows 7
    AV:
    Emsisoft
    Scary.
    There are many dangerous free programs offered on giveaway websites, as if everything is normal; they even come signed with a certificate, LOL.
    There are even theories that some trusted programs already do it.
    You cannot trust anyone, but living with worries is bad for your health.
     
  3. xywcloud

    xywcloud Level 38

    Joined:
    Aug 8, 2013
    Messages:
    2,708
    Likes Received:
    14,243
    OS:
    Windows 7
    Well, it's very common in China:)
    I have collected so many samples which have this behavior.
     
  4. Lockdown

    Lockdown From AppGuard
    Developer

    Joined:
    Oct 24, 2016
    Messages:
    815
    Likes Received:
    3,589
    No one has to live that way anymore... just use default-deny\system lock-down instead of default-allow.
     
  5. Entreri

    Entreri Level 4

    Joined:
    May 25, 2015
    Messages:
    175
    Likes Received:
    343
    No surprise. I wouldn't even trust Chinese "security/AV" companies. Once IBM sold their great laptop brand to Lenovo, lol.

    If I was going to build a business, I would only use Apple products.

    I just bought a cheap Motorola smartphone, no way will I ever do banking on it...
     
  6. monsterturckpa

    monsterturckpa Level 3

    Joined:
    Nov 10, 2016
    Messages:
    100
    Likes Received:
    266
    OS:
    Windows 7
    AV:
    Emsisoft
    YEAH! hehehehehe
     
  7. _CyberGhosT_

    _CyberGhosT_ Level 41
    Trusted

    Joined:
    Aug 2, 2015
    Messages:
    3,067
    Likes Received:
    19,808
    OS:
    Linux Mint
    AV:
    Default-Deny
    Not surprising in the least, and that's all I will say on this seeing we have so many Chinese AV software
    fans here. :rolleyes:
    Cool Share Solar :)
     
  8. generalwu

    generalwu Level 3

    Joined:
    Jan 25, 2016
    Messages:
    145
    Likes Received:
    317
    As the saying goes, "There's no free lunch in this world".

    Especially applicable to all Chinese made software. :p

    The way they push PUPs to users is downright aggressive.
    But the carrots are too sweet for normal users so they take the bait.:cool:
     
  9. Lockdown

    Lockdown From AppGuard
    Developer

    Joined:
    Oct 24, 2016
    Messages:
    815
    Likes Received:
    3,589
    "Users want to use things" --- and the unfortunate end result is a lot of infections.
     
  10. spaceoctopus

    spaceoctopus Level 5

    Joined:
    Jul 13, 2014
    Messages:
    239
    Likes Received:
    1,149
    Great work from Malwarebytes as always!;)
     
  11. larry goes to church

    Joined:
    Mar 10, 2017
    Messages:
    73
    Likes Received:
    84
    OS:
    Elementary OS
    AV:
    Qihoo 360
    This is becoming more and more commonplace in the current marketplace.
     