McAfee says a software company with more than 50,000 downloads on sites such as Download.com is distributing web browser hijacking and fraud malware.
Researcher Santosh Revankar says Lavians Inc is pushing the Bing.vc browser redirect and home page hijacker which creates seeming problems that the company then attempts to fix at a cost.
The technique is straight out of the black hat fraud handbook and is used by low level and lowly web scum who take advantage of the proliferation of trash software to inject advertisements, and drop all manner of malware on user machines.
Revankar says "several other" Lavians Inc applications are formerly clean applications that have been wrapped up with malicious content and posted to infect users.
"We have come across several files from Lavians Inc that look like legitimate applications but may pose a serious risk," Revankar says
"We have observed that Lavians Inc is repackaging clean applications with a browser hijacker to avoid suspicion and to increase its outreach."
A Virus Total hash check against a Lavians purported driver application for Dell machines finds it is classifed as a advertising trojan by ESET, Microsoft, Ikarus, and Antiy-AVL, but cleared by others under the site's indicative static analysis.
Google last year found some 84,000 injectors and apps targeted Chrome including 50,000 browser extensions and 34,000 applications. It has cracked down on those, ejecting the extensions, and flagging sites that host the malicious apps as dangerous.
Large software download sites are a hated web relic in infosec circles because security checks are often scanty, while bundler installation programs make direct efforts to trick their users into installing unwanted apps that increase PC attack surfaces. ®