Researchers blast Swedish developer WakeNet AB for ‘deceptively’ spreading adware

Bad actors are using tools like 'embed movie' to coax victims into installing software that house adware

Graphic of pop-up advertising appearing on-screen

A pay-per-install (PPI) software firm has been accused of using increasingly deceptive tactics to convince online users to install potentially harmful software - while generating large revenues in the process, it has been claimed by security researchers. 

WakeNet AB, which develops e-marketing platform FileCapital, offers malicious actors the tools to spread infected files and adware. These potentially unwanted programmes (PUPs) have the semblance of software with useful functionality, but pose risks to users and can seriously hamper performance.

FileCapital, the software under fire, allows malicious actors to install several PUPs on users' machines, including Wajam, which replaces display advertising with its own, and OnlineApp, a proxy which routes traffic through its own servers.

According to security researchers from McAfee, more than 1.9 million detections were seen in the wild during a 10 month period from September 2017 and June 2018 - predominately targeting devices in Germany, but also the UK and US. Overall, there were infections present in 178 countries.

"WakeNet AB has remained active for 19 years with little outcry," according to McAfee's senior security scientist Oliver Devane and security researcher Charles Crofford, who warned that installing FileCapital leads to PUP infections.

"Meanwhile, PUPs, which are more numerous than malware, plague users around the world. PUP development is unlikely to slow because they earn their distributors considerable sums.

"The security industry needs to do more to investigate companies that create PUPs and raise awareness among customers of their bad practices."

FileCapital offers its customers a variety of marketing tools such as embedded movies, landing pages, banners and buttons to coax victims into installing bundled apps that house different PUPs.

An online user, for instance, may believe they are installing a helpful performance cleaner onto their machine, only to find this is disguised as malicious software that could lead to reduced performance and the appearance of pop-up advertising.

The embed movie function, which is described as "by far the worst" function, can allow customers to create a fake video website to show a 'codec missing' message and entice users into downloading the bundled installer. This feature is normally prevalent on illegal football and film streaming websites.

Meanwhile, the revenue WakeNet AB generated in one year through misusing pay-per-install, according to McAfee, put it above some of the most prevalent ransomware strains - with its 2017 financial statements showing the company reaped $2 million.

"As of now, it seems unlikely that PUP development will slow since it helps their distributors earn a considerable amount of money," said McAfee's chief consumer security evangelist Gary Davis.

"With that said, it's important now more than ever for users to be aware of the security risks involved with PUPs like the ones spread by WakeNet's FileCapital."

IT Pro contacted WakeNet AB for comment but it had not responded to our request at the time of publication. 

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

FBI warns of ongoing corporate vishing attacks
phishing

FBI warns of ongoing corporate vishing attacks

19 Jan 2021
Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Cyber criminals bypassing MFA to access cloud service accounts
two-factor authentication (2FA)

Cyber criminals bypassing MFA to access cloud service accounts

14 Jan 2021
Capcom data breach adds another 40,000 estimated victims
data breaches

Capcom data breach adds another 40,000 estimated victims

13 Jan 2021

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021