Security Alert Big Surprise: Chinese PUPs Deliver Backdoored Drivers

Discussion in 'News Archive' started by Solarquest, Mar 20, 2017.

  1. Solarquest

    Solarquest Moderator
    Staff Member AV Tester

    Jul 22, 2014
    1,687
    13,062
    A driver secretly installed via PUP packages for Chinese software contains backdoors enabling a third party to load unsigned drivers or to execute code with higher privileges on a Windows machine.

    The backdoor was discovered by Malwarebytes researchers as part of various bundled software packages pushed by at least two major PUP bundler networks.
    The PUP installer drops a series of 7-Zip archives on each victim's computer. These archives contain the PUP application's resources, including 32- and 64-bit versions of a driver that is forcibly and silently installed on the user's computer without their knowledge.

    Backdoor enables two possible actions

    More info in the link above
     
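    The post describes a driver dropped and loaded silently by a bundler. One check a defender can run on a Windows host is to inventory every registered kernel driver and triage the ones whose Authenticode signature is missing, invalid, or from a signer outside an expected list. The script below is an added example written for this thread; it is not code from Malwarebytes or from the original post. It assumes Windows PowerShell 5.1 or later (where Get-AuthenticodeSignature also recognises catalog-signed inbox drivers), and the $trustedSigners allow-list is an assumption that must be tuned per environment.

```powershell
# Added example (not from the thread or from Malwarebytes): inventory registered kernel
# drivers and flag those with a missing/invalid signature or an unexpected signer.
# Assumption: the signer names below are what this environment expects; hardware-vendor
# drivers will show up until their signers are added.
$trustedSigners = @(
    'Microsoft Windows',
    'Microsoft Windows Hardware Compatibility Publisher'
)

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several shapes; normalise to a file system path.
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''               # strip the \??\ NT prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot      # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') {                      # bare "system32\drivers\x.sys"
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-SuspiciousDriver {
    # Emits one object per driver that fails the signature check or has an unlisted signer.
    foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
        $path = Resolve-DriverPath $d.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) {
            # Registered driver whose binary is gone: worth a look, but often just leftovers.
            [pscustomobject]@{ Name = $d.Name; State = $d.State; Path = $d.PathName;
                               Status = 'FileMissing'; Signer = $null }
            continue
        }
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        $trusted = $false
        foreach ($t in $trustedSigners) {
            if ($signer -and $signer -like "*CN=$t*") { $trusted = $true }
        }
        if ($sig.Status -ne 'Valid' -or -not $trusted) {
            [pscustomobject]@{ Name = $d.Name; State = $d.State; Path = $path;
                               Status = $sig.Status; Signer = $signer }
        }
    }
}

# Running drivers first: those are the ones currently executing in the kernel.
Get-SuspiciousDriver | Sort-Object @{Expression = { $_.State -ne 'Running' }}, Status, Name |
    Format-Table -AutoSize
```

    The output is a triage list, not a verdict: a driver living outside system32\drivers with a signer nobody in the organisation recognises is the pattern the post describes, while a valid signature from an unlisted hardware vendor is usually just a gap in the allow-list. A driver whose file is signed but whose certificate has since been revoked also lands here, because Get-AuthenticodeSignature reports that as a non-Valid status.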
  2. xywcloud

    xywcloud From X-Sec Antivirus
    Developer

    Aug 8, 2013
    2,746
    14,473
    Windows 7
    Well, it's very common in China:)
    I have collected so many samples which have this behavior.
     
  3. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,243
    9,524
    AppGuard LLC Virginia, U.S.
    No one has to live that way anymore... just use default-deny/system lock-down instead of default-allow.
     
  4. Entreri

    Entreri Level 6

    May 25, 2015
    259
    541
    No surprise. I wouldn't even trust Chinese "security/AV" companies. Once IBM sold their great laptop brand to Lenovo, lol.

    If I was going to build a business, I would only use Apple products.

    I just bought a cheap Motorola smartphone, no way will I ever do banking on it...
     
  5. _CyberGhosT_

    _CyberGhosT_ Level 50
    Trusted

    Aug 2, 2015
    3,983
    26,115
    Retired
    Central US
    Linux Mint
    Default-Deny
    Not surprising in the least, and that's all I will say on this seeing we have so many Chinese AV software fans here. :rolleyes:
    Cool Share Solar :)
     
  6. generalwu

    generalwu Level 4

    Jan 25, 2016
    187
    409
    IT Administrator
    Singapore
    Windows 10
    Avast
    As the saying goes, "There's no free lunch in this world".

    Especially applicable to all Chinese made software. :p

    The way they push PUPs to users is downright aggressive.
    But the carrots are too sweet for normal users, so they take the bait. :cool:
     
  7. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,243
    9,524
    AppGuard LLC Virginia, U.S.
    "Users want to use things" --- and the unfortunate end result is a lot of infections.
     
  8. spaceoctopus

    spaceoctopus Level 9

    Jul 13, 2014
    439
    2,609
    Distant galaxy
    Windows 10
    ESET
    Great work from Malwarebytes as always! ;)
     
  9. larry goes to church

    Mar 10, 2017
    100
    142
    antartica
    Elementary OS
    Qihoo 360
    This is becoming more and more commonplace in the current marketplace.
     