Researchers blast Swedish developer WakeNet AB for ‘deceptively’ spreading adware

Bad actors are using tools like 'embed movie' to coax victims into installing software that house adware

Graphic of pop-up advertising appearing on-screen

A pay-per-install (PPI) software firm has been accused of using increasingly deceptive tactics to convince online users to install potentially harmful software - while generating large revenues in the process, it has been claimed by security researchers. 

WakeNet AB, which develops e-marketing platform FileCapital, offers malicious actors the tools to spread infected files and adware. These potentially unwanted programmes (PUPs) have the semblance of software with useful functionality, but pose risks to users and can seriously hamper performance.

Advertisement - Article continues below

FileCapital, the software under fire, allows malicious actors to install several PUPs on users' machines, including Wajam, which replaces display advertising with its own, and OnlineApp, a proxy which routes traffic through its own servers.

According to security researchers from McAfee, more than 1.9 million detections were seen in the wild during a 10 month period from September 2017 and June 2018 - predominately targeting devices in Germany, but also the UK and US. Overall, there were infections present in 178 countries.

"WakeNet AB has remained active for 19 years with little outcry," according to McAfee's senior security scientist Oliver Devane and security researcher Charles Crofford, who warned that installing FileCapital leads to PUP infections.

"Meanwhile, PUPs, which are more numerous than malware, plague users around the world. PUP development is unlikely to slow because they earn their distributors considerable sums.

Advertisement - Article continues below

"The security industry needs to do more to investigate companies that create PUPs and raise awareness among customers of their bad practices."

FileCapital offers its customers a variety of marketing tools such as embedded movies, landing pages, banners and buttons to coax victims into installing bundled apps that house different PUPs.

Advertisement - Article continues below

An online user, for instance, may believe they are installing a helpful performance cleaner onto their machine, only to find this is disguised as malicious software that could lead to reduced performance and the appearance of pop-up advertising.

The embed movie function, which is described as "by far the worst" function, can allow customers to create a fake video website to show a 'codec missing' message and entice users into downloading the bundled installer. This feature is normally prevalent on illegal football and film streaming websites.

Meanwhile, the revenue WakeNet AB generated in one year through misusing pay-per-install, according to McAfee, put it above some of the most prevalent ransomware strains - with its 2017 financial statements showing the company reaped $2 million.

"As of now, it seems unlikely that PUP development will slow since it helps their distributors earn a considerable amount of money," said McAfee's chief consumer security evangelist Gary Davis.

"With that said, it's important now more than ever for users to be aware of the security risks involved with PUPs like the ones spread by WakeNet's FileCapital."

IT Pro contacted WakeNet AB for comment but it had not responded to our request at the time of publication. 

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most malware came through HTTPS connections in Q1 2020

25 Jun 2020

Phishing attacks target unsuspecting Wells Fargo customers

24 Jun 2020

Trump administration wants to enhance the security of .gov sites

24 Jun 2020

Most Popular

Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The best server solution for your SMB

26 Jun 2020