- Feb 4, 2016
- 549
Microsoft has removed the Torrenty app from the Windows Store after Ed Bott from ZDNet, one of the app's avid users, discovered it was downloading adware-infected apps without the user's consent.
The Torrenty app is, you guessed it, a BitTorrent client for Windows 10, which was solely available via the Windows Store. The app has been around for some months, but according to Bott, only in recent weeks did this malicious behavior show up
Torrenty was auto-downloading malicious content on the user's PC
Bott says that right after installing a clean version of Torrenty from the Windows Store, the app immediately showed a message that read "1 Update(s) Pending" even if he had the most recent version installed.
When he clicked the button, he says Torrenty opened his default Web browser (Microsoft Edge) and auto-downloaded a file without asking for user consent.
The same thing happened when he used Google Chrome as the default browser, but not with Firefox, because Mozilla had already blackballed the website and was showing an alert that read "Reported Unwanted Software Page!", preventing users from accessing the source of the download.
Bott says the file download on his computer was named Setup.exe, and a quick VirusTotal scan revealed that 24 out of 56 antivirus engines detected the file as adware.
Torrenty wanted users to install adware on their Windows 10 PCs
Running Setup.exe, the reporter discovered that it was a legitimate installer for another BitTorrent client named BitLord, which was also packed with adware in the form of the PremierOpinion browser add-in.
This browser extension is known for inserting ads in the user's Web browsing experience, and also spamming the user with popup surveys.
The source of this download was ezsoftdownloads.com, which is also marked in Google's Safe Browsing Site Status as a dangerous website and a source of PUP (Potentially Unwanted Programs).
Weirdly enough, accessing the URL directly in your browser does not show any content on the page, meaning crooks took steps to hide their malicious content, a tactic also used by many other cyber-crooks, especially those who run exploit kits.
Microsoft, who uses a dual manual and automatic app review process, has removed the app from its store.
The Torrenty app is, you guessed it, a BitTorrent client for Windows 10, which was solely available via the Windows Store. The app has been around for some months, but according to Bott, only in recent weeks did this malicious behavior show up
Torrenty was auto-downloading malicious content on the user's PC
Bott says that right after installing a clean version of Torrenty from the Windows Store, the app immediately showed a message that read "1 Update(s) Pending" even if he had the most recent version installed.
When he clicked the button, he says Torrenty opened his default Web browser (Microsoft Edge) and auto-downloaded a file without asking for user consent.
The same thing happened when he used Google Chrome as the default browser, but not with Firefox, because Mozilla had already blackballed the website and was showing an alert that read "Reported Unwanted Software Page!", preventing users from accessing the source of the download.
Bott says the file download on his computer was named Setup.exe, and a quick VirusTotal scan revealed that 24 out of 56 antivirus engines detected the file as adware.
Torrenty wanted users to install adware on their Windows 10 PCs
Running Setup.exe, the reporter discovered that it was a legitimate installer for another BitTorrent client named BitLord, which was also packed with adware in the form of the PremierOpinion browser add-in.
This browser extension is known for inserting ads in the user's Web browsing experience, and also spamming the user with popup surveys.
The source of this download was ezsoftdownloads.com, which is also marked in Google's Safe Browsing Site Status as a dangerous website and a source of PUP (Potentially Unwanted Programs).
Weirdly enough, accessing the URL directly in your browser does not show any content on the page, meaning crooks took steps to hide their malicious content, a tactic also used by many other cyber-crooks, especially those who run exploit kits.
Microsoft, who uses a dual manual and automatic app review process, has removed the app from its store.
