What are “Re captha version” pop-up virus?

Re captha version virus is a browser notification spam campaign that takes place on an eponymous website. An entire network of such sites has similar names and content. All of them aim at one thing – forcing users to allow notifications, under the guise of anti-robot captcha. This makes possible the main course of this scam – huge numbers of pop-ups that flood both the web browser and system notifications.

List of domains involved in the scam

Websites like “Re captha version” commonly appear after the redirection from another site, or following the click on the suspicious banner somewhere on the Web. If you’d try visiting such websites apart from the malicious redirections, they will likely return a white screen or various error messages. In some cases, they work, but the content is the same as the first time – just the offer to enable pop-up notifications.

But what for all this is running? Promotions that such websites show are extremely cheap, but their volume multiplied by the number of victims gives quite a substantial profit. Considering that these frauds will advertise other malicious actors, the profit may be smeared through several cybercriminal groups. And while there are ways to earn more, and in a legitimate way, pop-up spam campaigns are extremely easy to run. This is what causes these fraudulent sites to keep going.

GridinSoft Anti-Malware offers an advanced network protection feature that is capable of filtering the pop-up scam sites. We start tracking them at the very moment of their appearance, meaning they will not be able to harm you at all. Get your security boosted Gridinsoft.

How dangerous is pop-up notifications spam?

Despite what they look like, pop-ups are a rather dangerous thing, especially when dozens of them appear in a short period. The main effect is distraction: pop-ups will keep appearing even after closing the browser. They clutter the notification tray, making it impossible to find the alerts you need.

But the key danger hides in the content of those promotions. Pages and offers they promote are not even remotely relevant. Moreover, the links these advertisements lead to are often just clickbait websites or outright phishing pages. The longer all this happens, the more likely for the user to accidentally click one and get into a sticky situation.

How to remove Re captha version ads?

Removing pop-ups from the browser involves two steps – disallowing sending notifications to all sites and scanning your system for threats. The first one is manual – you need to go to your browser settings, open the page with notification settings and delete all entries there. Then, reload your browser for the changes to take effect.

Disabling browser pop-ups (scroll images)

For the second step – scanning for threats – I recommend using GridinSoft Anti-Malware. As I said, ads can lead to the installation of unwanted software. But aside from this, the appearance of Re captha version website may be the sign of adware activity. To ensure that your device is clean, run a Standard scan and let it finish – it won’t take long.

The post Re Captha Version Pop-Ups Virus appeared first on Gridinsoft Blog.

What is malvertising in Google Search?

First, let’s check out key definitions, as they may be unfamiliar to some users. Malvertising is a shortening from “malicious advertising”, which says for itself pretty well. Ads in Google Search, on the other hand, are trusted, as they carry the name of the biggest search engine. Days before, they proved to have a robust check-up mechanism that weeded out potentially harmful things from search results. Things have changed around the last few months, exactly, in November 2022. Malicious ads that tried to mimic downloading pages of legitimate tools filled the search results, often dumping the genuine page to the 4-5th position in results.

As Microsoft tightens loose ends and macro-based malware droppers become more difficult for Threat Actors to leverage – data traffickers are increasingly abusing SEO poisoning and/or malvertising.

Intel via @malwrhunterteam & @wdormann pic.twitter.com/iKy7yEN3g2

— vx-underground (@vxunderground) January 18, 2023

These links generally try to fake not only the header of a page but also the URL address. They include the name of a program, and a couple of keywords to look legitimate. Words may be added through a dash symbol, or as a second-level domain. The top-level domain, meanwhile, is usually something cheap, like .click or .top. Such TLDs cost around a dollar, and usually require no documents to register. More expensive domains, like a classic .com, may be used as well, so don’t accept them as a quality mark.

Some fake advertisements may include a so-called domain cloaking. The starting URL will be 100% legitimate, like youtube.com or twitter.com. Once you click, a cloaking mechanism will trigger, and throw you to a site that is completely different from the one you were seeing in the URL bar. This approach is more about tricking people into calling fake support or installing “a recommended security tool”.

Generally, malicious ads appear on search queries related to popular free programs. By now I found malicious ads for the following programs and software packages:

• Blender
• VLC Player
• Oracle VM VirtualBox
• Notepad ++
• LibreOffice
• Capcut
• OBS Studio
• CCleaner
• WinRAR
• Rufus
• Adobe products
• Zoom Video
• AMD and nVidia drivers
• Python libraries

Why do they appear?

First and foremost reason for the appearance of these ads is poor control of advertising content by Google. Sure, the company is not a vice squad, and should not retain the utterly high quality of advertising. But it is subpar for the image of such a company to allow purely fake ads to be posted, especially at top search result positions. Some time before, the same “pandemic” happened on YouTube. Massive amounts of copy-paste scam charity fund advertisements, giveaways, fake promotions of a new iPhone/Samsung with 80% discount – they were not just of low quality or unconvincing. All these things point to some serious problems within Google’s team that is in order for reviewing advertisements to post.

Another side of the coin is scoundrels who actually organise this mess. Most of the time, events of this sort are aimed at spreading malware. The more such methods are available, the more sustainable the hackers’ “business”. At the edge of 2022, Microsoft finally banned the execution of macros that come from the Internet. Macros are MS Office applets that allow dynamically-updated content to the documents. The breaches in the mechanism used to handle them are so easy to exploit that hackers were using it massively to drop the malware payload. After that ban, crooks started searching for another remedy for their shady deeds. And Google Search ads happened on their way.

Is Google Search malvertising dangerous?

Google has immense user coverage. With over 8 billion queries a day, it makes search results probably one of the biggest advertising networks under the sun. One malicious ad may be seen by millions, and thousands will click it. When there are at least 10 topics that contain malicious Google ads – things go worse by orders of magnitude.

Last night my entire digital livelihood was violated.

Every account connected to me both personally and professionally was hacked and used to hurt others.

Less importantly, I lost a life changing amount of my net worth

— NFT God (@NFT_GOD) January 15, 2023

Above you may see a sad story of a Twitter user with the nickname NFT God, who got some serious damage after being baited to download OBS Studio via such a fake link.

As research shows, most of the time malware that is delivered after following that link aims at stealing data. The file you are offered to download is not malware itself, it is a malignant script whose sole purpose is to contact the C&C server. It, in turn, sends malware to your device, using a connection that the script has established. Spyware that arrives in such a way will give no chance to your privacy. Ransomware is yet another malware type that may arrive through such an approach.

Other possible instances of Google Search malvertising contain tech support scam offers. That is the case when a group of rascals imposes legit tech support. They usually take the name of Microsoft, and the banners usually contain “urgent security note from Microsoft”. Such a note says your PC is either blocked or flooded with malware, and you need to contact their “support” urgently. The number posted on the banner leads you to a scam tech support that will force you to either give remote access to your PC or install a questionable program “to clean the system”.

How to protect me from Google Search malvertising?

Google used to pay a lot of attention to its ads. Possibly, it just has some problems with retaining concentration, thus the problem will be fixed pretty quickly. But it is always better to hope for the best and be ready for the worst.

• Avoid advertisements in Google Search. Even if you see them having a link to a legit site, it is not always representative of where it will send you. When the top search results consist generally of ads, scroll down to find the links to genuine pages.
• Use a different search engine. Being the biggest search engine does not always mean having outstanding search results. Some people prefer DuckDuckGo because of its claims about being free of tracking and telemetry. However, it may fit the case of fishy ads in Google Search as well. You are free to try any of the ones present on the market.
• Apply using decent anti-malware software. Only by having a tool that can effectively say if the file you’ve got from the Internet is clear or malicious will you be sure about your actions. Having one which is able to block access to malicious sites will seriously mitigate the problem. GridinSoft Anti-Malware is the one that can fulfill both needs – malware detection and network security. Constant database updates allow it to retain efficiency even against the latest threats.

The post Google Search Malvertising: Fake Ads of Free Programs in Google Ads appeared first on Gridinsoft Blog.

A historic legal event took place when, after accusations of unlawful discrimination put in the design of the targeted advertising system employed by Meta, the company agreed to cease using the tool and pay the penalty of around $115,000.

The source of the news is the June 21 official statement of the U.S. Department of Justice.

The Department of Housing and Urban Development (HUD) has investigated discrimination in Meta ad-serving software. The official charge (of discrimination) issued by HUD on On March 28, 2019 was a nudge to start the disputed lawsuit. The fact is that in order to select the audience for advertisements for the sale and rental of housing, the Meta ad distribution system employs the criteria mentioned in the Civil Rights Act of 1968, namely its eighth and ninth parts, also known as Fair Housing Act. This law states that the sale or rental of housing must not involve discrimination on the part of the property owner, and this applies to both the transactions themselves and the advertising that precedes them. Advertising must not discriminate against the audience based on race, sex, gender, religion, sexual orientation, etc. The prosecution argues that this is exactly what happens when the ad targeting system, based on the data mentioned, does not allow part of the audience to see some ads at all. At the same time, people are not even aware of such filtering.

Significantly, this is the first time the law has been applied to digital advertising and digital targeting mechanisms. The U.S. Department of Justice noted that the Meta agreed to develop a new tool under the supervision of the DoJ. The new product must exclude discrimination and be built on other filtering criteria. The U.S. Attorney for the Southern District of New York, Damian Williams, said that if Meta continues to use discriminatory technologies, the civil rights lawsuit will not be dismissed and litigation will continue.

For the time being, Meta has a settlement of the lawsuit and seven months (until December 31) to come up with the revised ad-targeting tool. Otherwise, the corporation would have to stand before a federal court.

The post Meta to Give up its Discriminating Ad-Targeting System appeared first on Gridinsoft Blog.

Five years back a poll was carried out and results shows security-conscious browser users overwhelmingly voted Firefox as the most secure. But during the annual Pwn2own hacking contest in March 2014, Firefox was exploited four times with zero-day attacks, making it one of the least secure browsers.

To complicate matters further, a 2013 comparative analysis of five popular Web browsers by NSS Labs found that Internet Explorer outperformed its competitors. Even so, the NSS Labs research showed that no single browser uniformly protected users against the majority of security threats and privacy risks.

If no single browser is bulletproof, the next best thing is to make sure your favorite browser is as secure as possible. Here are some ways you can enhance the security of your browser and be hackproof:

1. Configure your browser’s security and privacy settings

Review your browser’s privacy and security settings to make sure you’re comfortable with what’s checked or unchecked. For example, look to see if your browser is blocking third-party cookies, which can enable advertisers to track your online activities.

For specific browser security and privacy settings, read the recommendations and steps outlined in the Department of Homeland Security’s “Securing Your Web Browser”. The guide also explains browser features and their associated risks, such as ActiveX, Java, certain plug-ins, cookies, and JavaScript.



2. Keep your browser updated

Frequently, browser updates are released to plug recently discovered security holes. So it’s important to always keep any browsers you use updated.

3. Sign up for alerts

Consider setting up Google alerts for your browser to stay current on any emerging security issues. If you use Internet Explorer, for example, create a Google Alert using the keywords Internet Explorer security, or something similar. You can opt to receive instant, daily or weekly alerts whenever news articles or other content relevant to that topic hits the Web.



4. Be cautious when installing plug-ins

Plug-ins and extensions can sometimes put you at risk. For instance, earlier this year, it was discovered that some Chrome extensions can change service or ownership without notification to users. As a result, Chrome’s regulations for extensions is changing this June to keep extensions from becoming anything other than “simple and single-purpose in nature,” according to Google.

5. Make sure you have an AV installed

Potentially unwanted programs (PUPs) can slip past when you install any sort of software. These little buggers can switch browsers on you without warning and you might never even notice. Keeping a reputable antivirus program like GridinSoft Anti-Malware installed is one of the best ways to keep PUP from hijacking your browser and ruining your day.



6. Install security plug-ins

The majority of plug-ins and extensions are safe, however, and some can help bolster your browser’s security. Here are three suggested—and free—browser extensions for added security.

• HTTPS Everywhere

The Electronic Frontier Foundation and The Tor Project jointly developed this Firefox, Chrome, and Opera extension. HTTPS is a communications protocol for securing communications over a computer network, vs. the standard HTTP protocol, which is more widely used but less secure. (The ‘S’ in HTTPS stands for ‘secure.’) HTTPS Everywhere encrypts communication with many major websites to help secure your browsing experience.

• LongURL.org

If you’re on Twitter or Facebook and you see a shortened link embedded in an interesting post, you might click it without a second thought. But shortened links have been known to mask malicious links. If you’re unsure of a shortened link, copy and paste it into the search box at LongURL.org. You’ll see where the link would take you, without having to actually click through to the site. LongURL.org is also available as a Firefox browser extension.

• Use Internet Protection from GridinSoft Anti-Malware

Internet Protection feature blocks all suspicious sites in your browser. Also, it’s prevents downloading of dangerous applications.

The post How can you enhance the security of your browser? appeared first on Gridinsoft Blog.

The extensions were originally conceived¹ as tools for more convenient interaction with sites. For example, they can remove undesirable elements on the site, such as advertising, or disable autoplay videos. They can also allow you to download videos from sites where this function is not provided, translate the text into another language, check the text for errors, add additional panels bookmarks to the browser, etc.

Can Browser Extensions Hack You?

Are browser extensions safe? – you might ask. Well, yes. But actually, no. It depends on the type of extension and the permissions granted to it. The main danger is the extensions that have more permissions.

On the one hand, most extensions do not require many permissions to perform their tasks, and browsers will learn to control these permissions. For example, some can only work on specific sites, and some need a click on the extension to run.

On the other hand, the problem is that most extensions do have permission to work on all sites and full access to everything, which can cause serious security problems.

If cybercriminals need to hack someone, they can use a browser extension to fulfill some of their goals. Usually, the victims, without suspecting, download extensions for browsers or mobile applications that already contain malicious code.

How do browser extensions work?

Extensions bring additional features to the site, such as extended menus. They also disable video playback or hide unnecessary elements on the site. In some browsers, they are also called add-ons or plug-ins.

They are created mainly using languages such as HTML, CSS, and JavaScript and provided to the user as an archive, which is downloaded from the official store and installed in a single click. Some extensions were created directly by web browser developers, and third-party developers created some.

Since most extensions have partial or full access to everything you do online, they can track your browsing, capture passwords, and customize advertising based on your story.

However, extensions do not always gain full access themselves, and sometimes the user knowingly or unknowingly provides it. For example, if you read carefully everything they write when installing an extension, you will probably see something like “read and modify all data on visited websites.”

Most of us do not think about such messages and install extensions without considering the possible consequences.

What threats can browser extensions pose?

Below are some privacy and security issues that extensions may cause.

• They can be potential keyloggers. It means that they can record all in-browser keystrokes. Any text you enter from the keyboard can be intercepted. Yes, logins, passwords, and other confidential data such as credit card details are all in jeopardy. The leakage of such information could have unfortunate consequences.

• Malicious extensions can redirect traffic elsewhere.

• Dangerous extensions can even download malware (adware, for example.)

• Some extensions may collect browsing history and pass it to advertisers or third parties.

• Most extensions can be automatically updated. If the official extension was hijacked and then updated on the device, you might not know.

Unfortunately, even official extension stores cannot guarantee complete security when using extensions, although they continue to struggle with this problem. Thus, in 2020 alone, Google removed 106 extensions from the store because they could steal users’ confidential data.

How to minimize the risks of using extensions

Now we know what dangers browser extensions can carry. Here are some tips that will help us minimize all risks.

1. Try not to install many extensions. Too many installed extensions can carry a potential danger and greatly slow down the browser operation and opening sites. In addition, some extensions may conflict with each other. Modern browsers have most of the necessary features you can easily use without extra extensions, such as saving articles for later reading or case lists.
2. Sometimes after a browser update, proper functionality of extensions is added to the browser itself so that the need for such extensions disappears by itself. In this case, it would be more appropriate to delete such an extension in order not to clutter up the browser and avoid the potential danger of a malicious plugin.
3. Try to install extensions exclusively from official stores such as the Chrome Web Store, Mozilla, or MS Store. Do not install extensions from unreliable sources. For example, if you find an add-on on an unknown site to customize popular services like YouTube or Gmail, do not install such an extension. You have no way to verify what it is and what functions it performs. Alternatively, try to find this extension in the official store. If it is not there, take it as a clear hint that the add-on may be potentially dangerous.
4. Check the developer of the extension. Serious developers (e.g., Google or Microsoft) always care about the security of their products. As a result, their extensions are usually safe and do not leak data to third parties. Google also uses machine learning that helps block malicious extensions and protect users, while Mozilla conducts automated validation checks on Firefox plugins. But even so, you should always be careful when installing extensions, even from trusted developers.
5. Remove unused extensions. If you have an extension you haven’t used in a long time, uninstall it.
6. Periodically look at the list of installed extensions and remove those you do not use. Especially pay attention to extensions from third-party developers and those that have not been updated for a long time.

This way, you will speed up your browser. If you install many extensions, periodic cleaning will help maintain your browser’s high performance.

Does Microsoft Edge support Chrome extensions?

Microsoft Edge is built on Chromium, and it supports all extensions that Chrome supports. If you need to work in Edge, you can install all the extensions you have in your Chrome browser thereon.

Be safe!

The post Browser Extensions: Are They Safe? appeared first on Gridinsoft Blog.

Alas!

The browser starts to act stupid, redirecting and taking you places filled with creepy adverts or worse yet, issuing warnings of possible harm if you don’t “Update Your Flash Player.” And while the naïve would likely fall for the trap, smart and tech-savvy individuals may automatically note the adware running in the background. But as ubiquitous as the phenomenon is, adware attacks are a discreet way cyber criminals are using to make money off the unsuspecting.

Though it is probably the most popular way of telling that you are under attack, there are other subtle and perhaps less ferocious cyber attacks. There’s a form of adware gradually going mainstream. Besides redirecting, the virus goes ahead and alters your default search engine to something weird.

You start your PC, ready to browse the web, but once you key in whatever you need to search the web, you are redirected to a page with bizarre search results. It happens often and hurts the unsuspecting!

Pop-ads are yet another sign your computer is under an immense adware attack.

Simple as they appear, these pop-ads can be a source of immense misery, hurt your typical browsing habits and perhaps steal valuable data as you browse.

Many other times, these malicious occurrences make the PC act slower than it normally does, including lowering the average browsing speed and how the computer executes simple tasks. Of course, the phenomenon becomes more suspicious when you note the occurrence yet your PC doesn’t have a heavy program running or when you’re connected to a fast internet.

How Adware Works

Generally, these malicious tools are embedded into ‘free-ware’ or pirated software and act as part of a bundle of payment to the proprietor of the freely downloaded software.

Adware is simple software that comes with integrated advertising materials, including those that trigger redirects and pop-ups.

Mostly, the adware is activated whenever the tool that it is embedded in runs and the PC is connected to the internet.

At the moment, many software developers offer their products as “sponsored software” so that the ad pays for the free services provided. It is a pretty common type of adware and may continue until the user pays to register and thus unlock the ad off the software.

Regardless of how they work, these malicious attacks are very much annoying. Pop-ads waste a lot of time, while redirects and the slowing down of the PC hurt the ordinary performance of the computer. Aside from these, adware can set the stage for various other attacks, including spyware, ransomware and virus attacks.

How to avoid Adware

Tip #1 Never click any suspicious-looking pop-up windows and ads
Tip #2 Don’t answer or reply unsolicited emails and messages
Tip #3 Exercise utmost caution when downloading free software applications

Above all, invest in the best malware removal software. GridinSoft Anti-Malware does a great job!

The post Adware Everywhere: Who Knows What Is Happening? appeared first on Gridinsoft Blog.

What Is Adware And Is It As Lethal As The Other Malicious Programs?

Adware or ad-sponsored software could be subtly harmless or aggravatingly consistent and deadly, depending on a couple of factors.

Mostly, the program is designed to benefit the marketer by collecting information regarding the target’s preferences. But that’s not where their work stops!

It will embark on removing all browser’s restrictions, change programs and browser setting and even alter the most preferred home page, all these happening without the PC owner’s consent. It would sound like a joke until endless and annoying ads pop-up out of nowhere.

However, some Adware programs are rather tolerable, primarily serving as the direct channel to deliver sales messages without those bothersome features. Software like Skype comes with adware in the form of embedded adverts, and they are specifically there to aid in the cost of development. Upon purchasing the premium version, ads are done away with altogether.

More lethal and irksome types that do all kinds of ills, from changing the browser’s default search engine to issuing stupid warnings to trick into buying an item exist. These far more insidious types don’t ask for permission to portray an ad. Typically, they thrive in illegal websites and display all kinds of ad banners, pop-ups, and other bizarre information, often in a more forceful manner.

At least, there are six different and terrifying ways cunning marketers are using to promote and showcase their items. Some of the most prevalent forms of adware include:

1. Numerous, intimidating ads and banners that cover the entire web page or blur the relevant information.
2. In-text ads with information – they tend to appear in-between the page.
3. Automatic video adverts that start to play once the page is opened.
4. Redirects from the main browser page – you are redirected to a particular web store and prompted to buy an item.
5. Pop-ups and pop-unders – you’re led to an online store or a blank page and teased that you’ve won a lottery so that you can submit your details.
6. Couponware, Reminderware, Loyaltyware, PPV, CPV, PopUps, Pop Unders, interruptive, interstitials.

Scammers are scheming and usually target import details such as the computer’s IP address, email address, names, credit card information and other personal data. All of them will be auctioned off to third-party marketers for a colossal sum of money. Quite honestly, adware programs are virtually infinite, and it get’s quite hard to stop all of them. However, just ensure you’ve got a premium, reputable anti-malware software.

The post 6 Terrifying Samples How Marketers Use Adware appeared first on Gridinsoft Blog.