Security News Big Surprise: Chinese PUPs Deliver Backdoored Drivers

[Solarquest]

A driver secretly installed via PUPs packages for Chinese software contain backdoors enabling a third-party to load unsigned drivers or to execute code with higher privileges on a Windows machine.

The backdoor was discovered by Malwarebytes researchers part of various bundled software packages pushed by at least two major PUP bundler networks.
The PUP installer drops a series of 7-ZIP archives on each victim's computer. These archives contain the PUP application's resources, including a 32 and 64-bit version for a driver that is forcibly and silently installed on the user's computer without his knowledge.

Backdoor enables two possible actions

More infos in the link above

 

[xywcloud]

Well, it's very common in China
I have collected so many samples which have this behavior.

 

[509322]

scary,
There are many dangerous free programs offered on giveaway websites, As if everything is normal, even they come signed with certificate, LOL.
even, there are theories that some trust programs, they already do it.
you can not trust anyone but Live with worries, Is bad for health.

No one has to live that way anymore... just use default-deny\system lock-down instead of default-allow.

 

[Entreri]

No surprise. I wouldn't even trust Chinese "security/AV" companies. Once IBM sold their great laptop brand to Lenovo, lol.

If I was going to build a business, I would only use Apple products.

I just bought a cheap Motorola smartphone, no way will I ever do banking on it...

 

[_CyberGhosT_]

A driver secretly installed via PUPs packages for Chinese software contain backdoors enabling a third-party to load unsigned drivers or to execute code with higher privileges on a Windows machine.

The backdoor was discovered by Malwarebytes researchers part of various bundled software packages pushed by at least two major PUP bundler networks.
The PUP installer drops a series of 7-ZIP archives on each victim's computer. These archives contain the PUP application's resources, including a 32 and 64-bit version for a driver that is forcibly and silently installed on the user's computer without his knowledge.

Backdoor enables two possible actions

More infos in the link above

Not surprising in the least, and that's all I will say on this seeing we have so many Chinese AV software
fans here.
Cool Share Solar

 

[generalwu]

As the saying goes, "There's no free lunch in this world".

Especially applicable to all Chinese made software.

The way they push PUP to users are downright aggressive.
But the carrots are too sweet for normal users so they take the bait.

 

[509322]

But the carrots are too sweet for normal users so they take the bait.

"Users want to use things" --- and the unfortunate end result is a lot of infections.

 

[spaceoctopus]

Great work from Malwarebytes as always!

 

[larry goes to church]

This is becoming more and more common place in the current marketplace.