AnalyticParameter Adware Threat Intelligence

CloudSEK threat intelligence advisory on AnalyticParameter, adware that spreads via fake Adobe Flash Player installers, targeting Mac users.

Updated on

April 19, 2023

Published on

December 10, 2020

Read MINUTES

Subscribe to the latest industry news, threats and resources.

Table of Contents

This is also a heading
This is a heading

Advisory	Malware Intelligence
Malware Type	Adware
Target	Mac Platforms

AnalyticParameter is an adware application that masquerades as a search extension. It targets Mac system users by hijacking their browsers. The adware was spotted in October 2020. It infects via installation setups of fake programs using the deceptive technique of pre-packing regular software with malicious ones. After infection, the system becomes slower than normal, the victim sees unwanted pop-up ads, and are redirected to dubious websites. The carriers of this adware are usually deceptive pop-up ads, free software installers, fake Flash Player installers, and torrent file downloads. It promotes d2sri[.]com on Safari browsers and search[.]locatorunit[.]com on Google Chrome browsers. Similar to other adware, these browser hijackers spy on users' browsing activities and may even record their logs. And since AnalyticParameter is distributed via malicious methods, it is also classified as a PUA (Potentially Unwanted Application). One of most popular techniques used to distribute PUA is via fake Adobe Flash Player updaters. Adware delivers pop-ups, banners, coupons, surveys, and other intrusive advertisements.

Impact

Technical Impact

Adware enables keylogging, which compromises users' passwords.
Its computational capabilities can be used to perform 3rd party tasks, thus slowing down every process.
Malware steals user data, compromising browser information and saved passwords.

Business Impact

Confidentiality of the data is lost and may even be made public.
Malware employs digital fingerprinting techniques against users.
Adware can monitor users’ behaviour.

Indicators of Compromise

1. Promoted URLs-

d2sri[.]com (Safari)
search[.]locatorunit[.]com (Google Chrome)

2. Filename

AnalyticParameter[.]zip

3. MD5- 31daae9c5906dd66e5d5b79e7c72f1b9 4. SHA1- 141c7255d45e481e258fb888c996823f9cd2ce81 5. SHA256- 36435560443fd4f364ba79dbea4627aa16b4d2fbfe5542a70c24d0ce0a631bc2

Mitigation

Don’t open suspicious, irrelevant emails, especially when they are from unknown/ suspicious senders.
Block the installation of programs from unknown sources.
Download only from a relevant and trusted source.
Update/ activate apps/ products with the support provided by genuine developers. Although it may be tempting, avoid installing cracked apps from third party sources as they could be infected with malware.
Software should be kept up-to-date.
Anti-virus is essential.

CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.

Table of Contents

This is also a heading
This is a heading

Recent Articles

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

November 15, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

November 6, 2023

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.

Schedule a Demo

Real time Threat Intelligence Data

More information and context about Underground Chatter

On-Demand Research Services

Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.

Trusted by 400+ Top organisations

Get started

Learn more