For more than a decade, adware has helped software creators earn money while bringing free applications to the masses. Headliner games and applications have become widely available to computer and mobile users the world over, with no financial strings attached.
While generating untold revenue for the companies that run these programs, adware has witnessed constant improvements over the years in both data collection and resilience to removal. The line between adware and spyware has become increasingly fuzzy during recent years as modern adware combines aggressive opt-outs with confusing legal and marketing terms as well as extremely sophisticated persistence mechanisms aimed at taking control away from the user. This whitepaper details an extremely sophisticated piece of rootkit-based spyware that has been running covertly since early 2012, generating revenue for its operators and compromising the privacy of its victims.
Download the whitepaper below for a complete analysis of the malware’s components, its internal structure and a list of associated samples and IoCs.