The Navipromo adware tries to pass itself off as a legitimate application to trick users

PandaLabs has detected an adware specimen that tries to pass itself off as a legitimate application for accessing online games to trick target users and infect them with the Navipromo adware. It uses the name “InternetGameBox’, which belongs to a web page and a legal program for accessing several online games.  

“This is a very elaborated social engineering technique. In order to trick users, the malware creator has inserted malware in a file very similar to an existing, harmless file. Also, to increase effectiveness, they have chosen an application that allows access to online games, something very attractive to users”, explains Luis Corrons, Technical Director of PandaLabs.

When the user runs the file that contains the malware, an error message is displayed. Then, a dialog box opens prompting users to choose “Yes’ or “No’.  “At this point the user has already been infected and it doesn’t make any difference what they choose .  However, if the user is curious and looks for the application name on the Internet, they will find a real online gaming web page. This might reassure them while ignoring that their computer has been infected’, explains Corrons.

Navipromo is an example of adware already detected by Pandalabs in the past. “This malware’s activity had notably reduced lately.  It seems that the author is trying to reactivate it by turning to this new means of propagation.” Navipromo is designed to display ads every so often, therefore it can become a real nuisance to users.

Don't miss