Adware Installs InfoStealer Trojan That Loads via Chrome DLL Hijacking

Researchers have discovered that the "AdService" trojan is being distributed by threat actors via adware bundles. This Trojan performs Dynamic Link Library (DLL) hijacking in Chrome web browsers. AdService is capable of stealing passwords for online accounts such as Facebook and Twitter.

Threat ID:: CC-1656
Category:: PUP/PUA, Spyware, Trojan
Threat Severity:: Medium
Threat Vector:: Download
Published:: 21 September 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Affected platforms

The following platforms are known to be affected:

Google Chrome

Chrome web browsers

Threat details

AdService is capable of stealing passwords for online accounts such as Facebook and Twitter.

Remediation steps

Type	Step
	The AdService Trojan is installed on a victim's computer via free programs that do not disclose that other software is being installed along with it. All applications should be carefully researched prior to installing on a personal or work machine. Additionally, all applications should only be downloaded from trusted vendors. Always choose the custom installation as it is more likely to disclose other applications being installed. Check that you are getting the installer from the author's website and not a third party installer. It is also recommended to have trusted antivirus software installed and that it always kept up-to-date, as AdService is detected by most of the antivirus vendors.

Type

Step

The AdService Trojan is installed on a victim's computer via free programs that do not disclose that other software is being installed along with it. All applications should be carefully researched prior to installing on a personal or work machine. Additionally, all applications should only be downloaded from trusted vendors. Always choose the custom installation as it is more likely to disclose other applications being installed. Check that you are getting the installer from the author's website and not a third party installer. It is also recommended to have trusted antivirus software installed and that it always kept up-to-date, as AdService is detected by most of the antivirus vendors.

Last edited: 17 February 2020 11:25 am