New variant of malware dubbed PBot seen in the wild.

Target: Anybody.

Attack Vector: Redirection from legitimate sites to pages that trigger the download.

Summary: A new variant of the well-known adware dubbed PBot has been observed installing malicious browser extensions such as cryptocurrency miners. The adware, originally used to create pop-up ads in victims' browsers, has recently been seen to include malicious extensions aimed at generating revenue through activities such as cryptomining. The websites being used are as yet unknown.

Risk assessment summary: This threat is assessed at 3d MODERATE. PBot was originally adware and relatively harmless. The new modules in this variant give the authors the ability to install extensions that expand its capabilities, which raises the threat level of this particular variant. With 50,000 installation attempts during April, this malware is very active and the chances of infection are high if users are not vigilant.