Pay-Per-Install Company Deceptively Floods Market with Unwanted Programs

By and on

For the past 18 months, McAfee Labs has been investigating a pay-per-install developer, WakeNet AB, responsible for spreading prevalent adware such as Adware-Wajam and Linkury. This developer has been active for almost 20 years and recently has used increasingly deceptive techniques to convince users to execute its installers. Our report is now available online.

During a 10-month period from September 2017 to June 2018, we observed more than 1.9 million detections in the wild and the generation of thousands of unique websites and URLs. McAfee product protections prevented millions of pieces of adware from being installed on customers’ machines.

 

McAfee Adware-InstCap detections from September 2017 to June 2018.

Some of the deceptive tactics we observed included fake movie playbacks and fake torrent downloads targeting both Windows and Mac systems. These tactics aimed to trick users into installing bundled applications such as performance cleaners.

WakeNet AB’s FileCapital tools are responsible for installing some of the most prevalent potentially unwanted program (PUP) families, which plague infected clients with unwanted advertisements and seriously impact performance.

The revenue WakeNet AB generated in one year puts it above some of the most prevalent ransomware families, which explains why creating PUPs is so appealing. PUP developers generate revenue primarily by exploiting PC users.

PUPs

A PUP is software that might offer some useful functionality to a customer but also presents some risk. Users see some PUPs as benign, others as malicious. One of the latter is Adware-Elex (aka Fireball), which infected 250 million devices. McAfee strives to protect its customers against all kinds of threats, including PUPs.

The McAfee PUP Policy helps users understand what is being installed on their systems and notifies them when a technology poses a risk to their systems or privacy. PUP detection and removal provides notification to our customers when a software program or technology lacks sufficient notification or control over the software, or fails to adequately gain user consent to the risks posed by the technology. For more on how McAfee defines and protects against PUPs, read the McAfee® Potentially Unwanted Programs Policy.

For a full analysis of WakeNet AB’s products, download the full report.

Leave a Comment

Similar articles

This post was written with contributions from the McAfee Advanced Threat Research team.   The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download ...
Read Blog
Rockstar Games’ Red Dead Redemption 2 has struck a popular chord with many online gamers. Unfortunately, the Western-themed action-adventure game has also become a popular vessel for malicious activity among cybercriminals as well. Scammers are tricking gamers into giving up their personal information with phony “free” downloads of the online game, while simultaneously making a ...
Read Blog
Pay-per-install, or PPI for short, is a type of software program that presents users with third-party offers while they are in the middle of another download. If a user clicks on the third-party advertisement, the software developer earns money from the download. One specific PPI program has caught the attention of our McAfee ATR team, ...
Read Blog