HackDig : Dig high-quality web security articles for hackers

Trust Financial Lends Adware to Clients

2014-08-15 09:18

Our researchers in the Labs found a fake loan page from an equally fake financial institution called “Trust Financial Group”.

02D3B1F566A419CEFACB8E96C52913E1click to enlarge

Once users visit trustfinancial(dot)org, they are redirected to a default page serving a loan decision document. In order for visitors to see its unblurred version, they have to install a “secure loan viewer” application. Unfortunately, users will find out that the name of the program is actually called “Search Smarted and Search Assistor” and is signed by a verified publisher called Access Financial Resources, Inc.


Here’s another sample that we have acquired:


A quick search on Google for the name points me to a small company of financial planners in Oklahoma, but I can’t find connections to any legitimate software it’s involved in or to “Trust Financial Group”. We can count on the idea that whoever is behind the bogus page and brand had used the name of a legitimate small financial company to make the certificate appear more authentic, which in turn makes the applications seem legit.

Unfortunately, this is not the case. The files are not document viewer applications, but they are adware programs that, once installed, injects ads into search engine results.

C936F07A4085EBFA62BE550F9F6D03F2click to enlarge

“This is an extremely disturbing install, as the adware involved is fraudulently claiming to hail from a financial institution.” says Eric Howes, ThreatTrack Security’s Principal Lab Researcher, “The domains used here are all anonymously registered. And while this attack technically isn’t a phishing attack, it is exploiting users’ trust and faith in financial institutions to trick them into installing adware.”

Our researchers have further determined that the ads being injected are pulled through the domain, ez-input(dot)info, which was also registered anonymously.

VIPRE users are protected from this threat. We detect these files as Besttoolbars (fs).

Hat tip: Thanks to Matthew for finding this, Eric for his additional insights.

The post Trust Financial Lends Adware to Clients appeared first on ThreatTrack Security Labs Blog.

Source: /wEND4LgiZ7M/3~/ytiruceskcarttaerht/r~/moc.elgoog.yxorpdeef

“Trust Financial Lends Adware to Clients”0 Comments

Submit A Comment



Blog :

Verification Code:


Tag Cloud