More than 12 million PC users are at risk of adware and spyware infections after downloading computer utilities published by Tuto4PC, a company based in France.
According to security researchers at Cisco, there is a high risk that utilities published by Tuto4PC drop a Trojan on the computer with the goal of harming the machine or its user. The utilities first appear to be harmless software, but once installed they behave as malware and load the Wizz Trojan onto the machine.
Because the utilities are installed with the computer owner's administrator privileges, the malware inherits that same privilege level, which lets the Trojan scrape personal data from the computer and lets the attacker upload and launch executables on the machine.
It behaves like an advanced persistent threat, hiding from antivirus tools and from the detection methods used by security analysts. When the Wizz Trojan senses that it is being analyzed, it appears to go dormant and tries to identify which antivirus software is running on the computer. But the Trojan's ability to recognize a sandbox or other analysis environment is not its most alarming trait: that is its ability to install software on the machine without the owner's knowledge.
Cisco's security experts consider the Trojan to be a backdoor as well, since it installs software in the background without user consent. By every indication, it shows nearly all the traits and behaviours of a backdoor, according to the Cisco team that analyzed the malware.
Tuto4PC has run into trouble before. Beginning in 2012, the company drew the ire of legislators in France for installing software on individuals' computers without first asking their consent. That history may explain why the utilities it publishes also install scareware without the user's prior consent.
The company's attempt to conceal its Trojan does not seem to work for long, since the major security vendors are able to detect it. The company's goal, it seems, is to spread spyware and adware to as many victim computers as it can around the world. That is an ambitious goal.