AnalyticParameter Adware Threat Intelligence
Published 10 December 2020
- This adware application masquerades as a search extension targeting Mac users.
- AnalyticParameter hijacks browsers and records users' keystrokes.
AnalyticParameter is an adware application that masquerades as a search extension. It targets Mac users by hijacking their browsers. The adware was first spotted in October 2020. It infects systems through installers for fake programs, using the deceptive technique of bundling legitimate software with malicious components. After infection the system runs slower than normal, and the victim sees unwanted pop-up ads and is redirected to dubious websites.
The usual carriers of this adware are deceptive pop-up ads, free software installers, fake Flash Player installers, and torrent downloads. It promotes d2sri[.]com on Safari and search[.]locatorunit[.]com on Google Chrome. Like other adware, these browser hijackers spy on users' browsing activity and may record it. Because AnalyticParameter is distributed by deceptive methods, it is also classified as a PUA (Potentially Unwanted Application). One of the most popular techniques for distributing PUAs is fake Adobe Flash Player updaters. Adware delivers pop-ups, banners, coupons, surveys, and other intrusive advertisements.
Impact
- Adware enables keylogging, which compromises users' passwords.
- The infected system's computing resources can be used to perform third-party tasks, slowing down every process.
- Malware steals user data, compromising browser information and saved passwords.
- Confidentiality of the data is lost, and it may even be made public.
- Malware employs digital fingerprinting techniques against users.
- Adware can monitor users' behaviour.
Indicators of Compromise
1. Promoted URLs:
   - d2sri[.]com (Safari)
   - search[.]locatorunit[.]com (Google Chrome)
2. MD5: 31daae9c5906dd66e5d5b79e7c72f1b9
3. SHA1: 141c7255d45e481e258fb888c996823f9cd2ce81
4. SHA256: 36435560443fd4f364ba79dbea4627aa16b4d2fbfe5542a70c24d0ce0a631bc2
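As an added triage example (not part of this advisory or of any vendor tooling), the following Python script turns the indicators above into two defender checks: it hashes files with MD5, SHA1 and SHA256 and compares them against the published digests, and it walks a parsed browser-preferences structure (for example Chrome's JSON `Preferences` file, or a Safari plist loaded with `plistlib`) looking for any URL whose host is one of the promoted domains. The key names in the constructed Chrome-style sample are an assumption; the walker matches URL-valued strings wherever they sit, so it does not depend on them.

```python
import hashlib
import json
import sys
from pathlib import Path
from urllib.parse import urlparse

# Published indicators for the AnalyticParameter sample (from the advisory above).
IOC_HASHES = {
    "md5": "31daae9c5906dd66e5d5b79e7c72f1b9",
    "sha1": "141c7255d45e481e258fb888c996823f9cd2ce81",
    "sha256": "36435560443fd4f364ba79dbea4627aa16b4d2fbfe5542a70c24d0ce0a631bc2",
}

# Promoted (hijack) domains from the advisory, refanged from their "[.]" form.
HIJACK_DOMAINS = {
    d.replace("[.]", ".") for d in ("d2sri[.]com", "search[.]locatorunit[.]com")
}


def hash_bytes(data: bytes) -> dict:
    """Digest a byte string with every algorithm that has a published IoC."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path) -> dict:
    """Digest a file in 64 KiB chunks so large installers need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_digests(digests: dict) -> list:
    """Return the algorithm names whose digest equals the published IoC (empty if clean)."""
    return sorted(n for n, hexd in digests.items() if hexd.lower() == IOC_HASHES[n])


def host_is_hijacked(url: str) -> bool:
    """True when the URL's host is a promoted domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def find_hijack_urls(obj, path="$") -> list:
    """Walk a parsed preference structure (dicts, lists, strings) and return
    (json_path, url) pairs whose host is a promoted domain, wherever they live."""
    hits = []
    if isinstance(obj, dict):
        for key, val in obj.items():
            hits.extend(find_hijack_urls(val, f"{path}.{key}"))
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            hits.extend(find_hijack_urls(val, f"{path}[{i}]"))
    elif isinstance(obj, str) and "://" in obj and host_is_hijacked(obj):
        hits.append((path, obj))
    return hits


# Constructed sample shaped like a Chrome "Preferences" file (key names are an
# assumption, not Chrome's documented schema) with two hijacked settings.
SAMPLE_PREFS = {
    "homepage": "https://www.example.com/",
    "default_search_provider_data": {
        "template_url_data": {"url": "http://search.locatorunit.com/?q={searchTerms}"}
    },
    "session": {"startup_urls": ["https://d2sri.com/"]},
}


def main(argv):
    """Usage: script.py [FILE ...]; JSON files are walked for hijack URLs,
    every other file is hashed against the IoCs. No arguments runs the sample."""
    if not argv:
        for path, url in find_hijack_urls(SAMPLE_PREFS):
            print(f"HIJACK sample prefs {path} -> {url}")
        return
    for name in argv:
        p = Path(name)
        if p.suffix.lower() == ".json":
            for path, url in find_hijack_urls(json.loads(p.read_text())):
                print(f"HIJACK {p} {path} -> {url}")
        else:
            matched = match_digests(hash_file(p))
            print(f"{'MATCH' if matched else 'clean'} {p} {matched}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

The hash check is only as good as the published sample hashes, so treat a clean result as "not this exact file" rather than "not infected"; the preference walk is the more durable check, since a hijacked default search engine or startup URL survives repackaging of the installer.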
Recommendations
- Don't open suspicious or irrelevant emails, especially from unknown or suspicious senders.
- Block the installation of programs from unknown sources.
- Download software only from trusted sources.
- Update and activate apps and products only through the channels provided by their genuine developers. Although it may be tempting, avoid installing cracked apps from third-party sources, as they could be infected with malware.
- Keep software up to date.
- Run anti-virus software.