AnalyticParameter Adware Threat Intelligence

CloudSEK threat intelligence advisory on AnalyticParameter, adware that spreads via fake Adobe Flash Player installers, targeting Mac users.
Updated on
April 19, 2023
Published on
December 10, 2020
Advisory Malware Intelligence
Malware Type Adware
Target Mac Platforms
AnalyticParameter is an adware application that masquerades as a search extension. It targets Mac users by hijacking their browsers. The adware was spotted in October 2020. It infects systems through the installers of fake programs, using the deceptive technique of bundling regular software with malicious components. After infection, the system becomes slower than normal, and the victim sees unwanted pop-up ads and is redirected to dubious websites. The carriers of this adware are usually deceptive pop-up ads, free software installers, fake Flash Player installers, and torrent downloads. It promotes d2sri[.]com in Safari and search[.]locatorunit[.]com in Google Chrome. Like other adware, these browser hijackers spy on users' browsing activity and may even record their logs. Since AnalyticParameter is distributed by deceptive methods, it is also classified as a PUA (Potentially Unwanted Application). One of the most popular techniques used to distribute PUAs is fake Adobe Flash Player updaters. The adware delivers pop-ups, banners, coupons, surveys, and other intrusive advertisements.

Impact

Technical Impact
  1. The adware enables keylogging, which compromises users' passwords.
  2. The system's computational capacity can be used to perform third-party tasks, slowing down every process.
  3. The malware steals user data, compromising browser information and saved passwords.
Business Impact
  1. Confidentiality of the data is lost, and the data may even be made public.
  2. The malware employs digital fingerprinting techniques against users.
  3. The adware can monitor users' behaviour.

Indicators of Compromise

1. Promoted URLs
  • d2sri[.]com (Safari)
  • search[.]locatorunit[.]com (Google Chrome)
2. Filename
  • AnalyticParameter[.]zip
3. MD5
  • 31daae9c5906dd66e5d5b79e7c72f1b9
4. SHA1
  • 141c7255d45e481e258fb888c996823f9cd2ce81
5. SHA256
  • 36435560443fd4f364ba79dbea4627aa16b4d2fbfe5542a70c24d0ce0a631bc2
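As an added example that is not part of the CloudSEK advisory, the following Python script turns the indicators above into a local check: it hashes every file in a download folder against the three IoC digests and the IoC filename, and walks a parsed Chrome Preferences tree looking for the promoted domains. The Chrome Preferences location and the sample files and preference tree are assumptions constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path
# Indicators from the advisory above; the defanged domains are re-armed for matching.
IOC_HASHES = {
    "md5": "31daae9c5906dd66e5d5b79e7c72f1b9",
    "sha1": "141c7255d45e481e258fb888c996823f9cd2ce81",
    "sha256": "36435560443fd4f364ba79dbea4627aa16b4d2fbfe5542a70c24d0ce0a631bc2",
}
IOC_FILENAME = "analyticparameter.zip"
IOC_DOMAINS = ("d2sri.com", "search.locatorunit.com")

def file_hashes(path):
    """MD5, SHA1 and SHA256 of one file, computed in a single read pass."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def scan_directory(directory):
    """(filename, reason) pairs for files matching the advisory's file IoCs."""
    hits = []
    for path in sorted(p for p in Path(directory).rglob("*") if p.is_file()):
        if path.name.lower() == IOC_FILENAME:
            hits.append((path.name, "filename"))
        digests = file_hashes(path)
        hits += [(path.name, a) for a, v in IOC_HASHES.items() if digests[a] == v]
    return hits

def find_hijacker_domains(node, key_path=""):
    """Walk a parsed Chrome Preferences tree (assumed macOS path: ~/Library/Application
    Support/Google/Chrome/Default/Preferences); return (key path, domain) per hit."""
    found = []
    if isinstance(node, (dict, list)):
        for k, v in (node.items() if isinstance(node, dict) else enumerate(node)):
            found += find_hijacker_domains(v, f"{key_path}.{k}" if key_path else str(k))
    elif isinstance(node, str):
        found += [(key_path, d) for d in IOC_DOMAINS if d in node.lower()]
    return found

def demo():
    """Constructed sample data, not from the advisory: one benign file, one IoC-named file, and a Preferences tree whose default search URL is the Chrome hijacker."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "notes.txt").write_bytes(b"harmless")
        Path(tmp, "AnalyticParameter.zip").write_bytes(b"constructed sample, not the real file")
        file_hits = scan_directory(tmp)
    prefs = {"default_search_provider_data": {"template_url_data": {"url": "https://search.locatorunit.com/?q={searchTerms}"}}}
    return file_hits, find_hijacker_domains(prefs)
```

Only the filename hit fires on the constructed sample because its bytes do not reproduce the advisory's digests; on a real download folder a hash hit is the stronger signal, since the archive can be renamed.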

Mitigation

  1. Don't open suspicious or irrelevant emails, especially when they come from unknown or suspicious senders.
  2. Block the installation of programs from unknown sources.
  3. Download only from relevant and trusted sources.
  4. Update or activate apps and products using the support provided by their genuine developers. Although it may be tempting, avoid installing cracked apps from third-party sources, as they could be infected with malware.
  5. Keep software up to date.
  6. Use anti-virus software.
