setrca.blogg.se

Mplayer osx extended virus












MPlayerX has long been used as “bait” to convince people to run adware installers. Most of the time, MPlayerX is installed along with the adware to (somewhat) disguise the fact that anything else was installed. However, it now appears that the folks behind MPlayerX are definitely in on the scam. Worse, the installer is now displaying malware-like behavior, by trying to foil analysis!

Malware has used many tricks to foil analysis over the years. One such trick in the news right now is the Rombertik malware on Windows, which will erase files on the hard drive (including an attempt to damage system files) if it thinks it’s being tampered with.

A more common trick, though, is to simply act normal. Malware that detects that it is being run in a virtual machine, for example, will not display any malicious behaviors. This is done because malware researchers often run malware in a virtual machine, because this isolates the malware and makes it easy to store the system’s infected state for later reference or revert the system to a previous state.

A new MPlayerX installer, this time available directly from the MPlayerX website, is exhibiting exactly this behavior. When run on a “real” computer, the installer goes through a “Configure” phase in which it offers a Yahoo Search extension (adware), a copy of MacKeeper and a copy of ZipCloud. This is not particularly new, and has been described here before, although never with an installer downloaded directly from the MPlayerX site.

When run in a virtual system in Parallels, however, this installer skips over the Configure phase entirely! No adware or third-party junk software is offered or installed. The end result is that it behaves exactly like one would expect a normal MPlayerX installer to work… it just installs MPlayerX.
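An added example, not code from the original article: one way an analyst can catch an installer that behaves differently in a virtual machine is to run it in both environments and compare what each run left behind. The file paths, the noise patterns and the function names below are constructed for illustration and are assumptions, not observations from the MPlayerX installer.

```python
from fnmatch import fnmatch

# Paths that change on any run and say nothing about the installer (assumed list).
NOISE = ("/private/tmp/*", "/private/var/folders/*", "/private/var/log/*", "*/.DS_Store")

# Constructed snapshots: file paths before and after running the same installer.
BASELINE = {"/Applications/Safari.app", "/Applications/Utilities/Terminal.app"}
VM_AFTER = BASELINE | {
    "/Applications/MPlayerX.app",
    "/private/tmp/install.log",
}
HW_AFTER = BASELINE | {
    "/Applications/MPlayerX.app",
    "/Applications/MacKeeper.app",
    "/Applications/ZipCloud.app",
    "/Users/analyst/Library/Safari/Extensions/Search.safariextz",
    "/private/var/folders/ab/cd/T/pkg.tmp",
}

def created(before, after):
    """Paths added by the run, with per-run noise filtered out."""
    return {p for p in set(after) - set(before)
            if not any(fnmatch(p, pat) for pat in NOISE)}

def compare_runs(vm, hw):
    """vm and hw are (before, after) snapshots from each environment."""
    vm_new, hw_new = created(*vm), created(*hw)
    return {
        "both": sorted(vm_new & hw_new),
        "hardware_only": sorted(hw_new - vm_new),
        "vm_only": sorted(vm_new - hw_new),
    }

def environment_sensitive(report):
    """True when the installer left different artifacts in the two environments."""
    return bool(report["hardware_only"] or report["vm_only"])

if __name__ == "__main__":
    report = compare_runs((BASELINE, VM_AFTER), (BASELINE, HW_AFTER))
    for bucket, paths in report.items():
        print(bucket, paths)
    print("environment-sensitive:", environment_sensitive(report))
```

A non-empty `hardware_only` bucket is the signal that a clean result from the virtual machine alone cannot be trusted for that installer.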













