Bitdefender issues warning about “Zacinlo” cyberthreat that exposes online ads to fake audiences, causing losses to companies

Anca Alexe 18/06/2018 | 11:53

Cybersecurity specialists at Bitdefender have identified a new adware threat that installs itself deep inside the operating system and floods the user with invisible ads, causing significant losses to companies by exposing their ads to fictional audiences.

After it infects the user’s computer, the threat, called Zacinlo, opens multiple browser sessions and loads ad banners, then simulates clicks from the victim or replaces the ad content on pages with its own ads, which generates substantial revenue for the attacker.

As a result, companies that have ad budgets for various online ads based on user reach pay for ads that don’t actually reach real people, and therefore don’t have the expected impact.

Zacinlo installs on the system with admin privileges, which allows it to protect itself from processes that endanger it and block any removal attempt. These rootkit capabilities are extremely rare and represent under 1 percent of usual cyberthreats. Because of its deep integration with the operating system, its removal becomes very difficult.

Zacinlo uses various platforms to replace ads, including Google AdSense, and even has the ability to remove competition from the infected computer, through a function that allows it to delete other adware from the system. Furthermore, the cyberthreat extracts detailed information about the infected computer, related to the security solution used as well as apps and programmes that run on the device. Zacinlo can take screenshots and send them to the command and control center for analysis. This function has a major impact on user privacy, as the screenshots can contain sensitive or confidential information.

Zacinlo has the ability to stop the cybersecurity solution on the infected computer, which is why Bitdefender’s cybersecurity specialists recommend that users carry out an advanced scan of the device.

The adware installs on the computer after the download of a free and anonymous VPN service (s5Mark), distributed in an installation kit. Less knowledgeable users believe a VPN connection has been established, although it never is.

Most Zacinlo infections have been identified in the US, followed by Europe, Brazil, China and India. About 90 percent of the devices where Zacinlo was found used Windows 10. The campaign is believed to have started all the way back in 2012, but Bitdefender specialists observed a peak in its activity at the end of 2017 and the beginning of 2018.
