AnalyticParameter Adware Threat Intelligence

Summary

CloudSEK threat intelligence advisory on AnalyticParameter, adware that spreads via fake Adobe Flash Player installers, targeting Mac users.
Advisory: Malware Intelligence
Malware Type: Adware
Target: Mac Platforms
  AnalyticParameter is an adware application that masquerades as a search extension and targets Mac users by hijacking their browsers. It was first spotted in October 2020. It is installed through setup packages for fake or repackaged programs, a bundling technique in which legitimate software is pre-packed with malicious components. Once installed, the system runs slower than normal, and the victim sees unwanted pop-up ads and is redirected to dubious websites. The usual carriers are deceptive pop-up ads, free software installers, fake Flash Player installers and updaters, and torrent downloads. The hijacker promotes d2sri[.]com on Safari and search[.]locatorunit[.]com on Google Chrome. Like other browser hijackers, it spies on users' browsing activity and may record it. Because it is distributed by deceptive means, AnalyticParameter is also classified as a Potentially Unwanted Application (PUA); fake Adobe Flash Player updaters are one of the most common PUA distribution channels. Once active, the adware delivers pop-ups, banners, coupons, surveys, and other intrusive advertisements.

Impact

Technical Impact
  1. The adware can act as a keylogger, compromising users' passwords.
  2. The host's CPU and memory can be used for third-party tasks, slowing down every other process.
  3. The malware steals user data, compromising browser information and saved passwords.
Business Impact
  1. Confidentiality of the data is lost, and it may even be made public.
  2. The malware fingerprints users' devices and browsers.
  3. The adware can monitor users' behaviour.

Indicators of Compromise

1. Promoted URLs
  • d2sri[.]com (Safari)
  • search[.]locatorunit[.]com (Google Chrome)
2. Filename
  • AnalyticParameter[.]zip
3. MD5
  • 31daae9c5906dd66e5d5b79e7c72f1b9
4. SHA1
  • 141c7255d45e481e258fb888c996823f9cd2ce81
5. SHA256
  • 36435560443fd4f364ba79dbea4627aa16b4d2fbfe5542a70c24d0ce0a631bc2
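A hunt script over the indicators above, added here as an example and not part of the CloudSEK advisory. It hashes files under a directory against the published MD5/SHA1/SHA256 and looks for the promoted domains in the Safari and Chrome preference files. The preference file paths and the assumption that a hijacked search provider appears as plain text inside those files are illustrative assumptions of this example, not statements from the advisory.

```python
"""Hunt for AnalyticParameter indicators on a Mac (example, not advisory code).

Two checks: file hashes against the published MD5/SHA1/SHA256, and browser
preference files for the promoted domains.  The preference paths and the
assumption that the hijacked search URL is stored as plain text are
illustrative assumptions, not part of the advisory.
"""
import hashlib
import os
import plistlib
from pathlib import Path

# Hashes of AnalyticParameter.zip exactly as published in the advisory.
IOC_HASHES = {
    "md5": "31daae9c5906dd66e5d5b79e7c72f1b9",
    "sha1": "141c7255d45e481e258fb888c996823f9cd2ce81",
    "sha256": "36435560443fd4f364ba79dbea4627aa16b4d2fbfe5542a70c24d0ce0a631bc2",
}

# Domains the adware promotes, with the defanging brackets removed for matching.
PROMOTED_DOMAINS = ("d2sri.com", "search.locatorunit.com")

# Assumed locations of the browser preference files on macOS (illustrative).
BROWSER_CONFIG_PATHS = (
    Path.home() / "Library/Preferences/com.apple.Safari.plist",
    Path.home() / "Library/Application Support/Google/Chrome/Default/Preferences",
)


def digests_of_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digests_of_file(path, chunk=1 << 20) -> dict:
    """Hash a file in chunks so a large download need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_ioc(digests: dict, iocs: dict = IOC_HASHES) -> bool:
    """True if any algorithm's digest equals the published indicator.

    One matching algorithm is enough to flag the file; the comparison is
    case-insensitive because some feeds publish uppercase hex.
    """
    return any(digests.get(alg, "").lower() == val.lower() for alg, val in iocs.items())


def find_promoted_domains(text: str, domains=PROMOTED_DOMAINS) -> list:
    """Return the promoted domains that occur anywhere in the given text."""
    lowered = text.lower()
    return [d for d in domains if d in lowered]


def load_config_text(path) -> str:
    """Read a browser preference file as searchable text.

    Safari keeps a binary plist, which plistlib parses and we flatten with
    repr(); Chrome's Preferences file is JSON and is already text.
    """
    raw = Path(path).read_bytes()
    try:
        return repr(plistlib.loads(raw))
    except Exception:  # not a plist: treat as UTF-8 text (Chrome JSON)
        return raw.decode("utf-8", errors="replace")


def scan_downloads(root, iocs=IOC_HASHES) -> list:
    """Walk a directory tree and return paths whose hash matches the indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if matches_ioc(digests_of_file(path), iocs):
                    hits.append(path)
            except OSError:
                continue  # unreadable file; skip rather than abort the scan
    return hits


def scan_browser_configs(paths=BROWSER_CONFIG_PATHS) -> dict:
    """Return {path: [domains]} for preference files mentioning a promoted domain."""
    findings = {}
    for p in paths:
        if Path(p).is_file():
            found = find_promoted_domains(load_config_text(p))
            if found:
                findings[str(p)] = found
    return findings


if __name__ == "__main__":
    for hit in scan_downloads(Path.home() / "Downloads"):
        print("hash match:", hit)
    for cfg, doms in scan_browser_configs().items():
        print("promoted domain in", cfg, "->", ", ".join(doms))
```

A hash match is conclusive only for the exact archive that was analysed; a repacked installer will hash differently, so the domain check on the browser preferences is the more durable of the two signals.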

Mitigation

  1. Don't open suspicious or irrelevant emails, especially those from unknown senders.
  2. Block the installation of programs from unknown sources (on macOS, keep Gatekeeper set to allow only apps from the App Store and identified developers).
  3. Download software only from the vendor's own site or another trusted source. Adobe ended support for Flash Player at the end of 2020, so any installer or updater offering it should be treated as fake.
  4. Update and activate apps only through the channels provided by their genuine developers. Although it may be tempting, avoid installing cracked apps from third-party sources, as they are frequently bundled with malware.
  5. Keep the operating system and installed software up to date.
  6. Run anti-virus or endpoint protection software and keep its signatures current.
