DealPly adware uses SmartScreen’s reputation service to infect your PC

DealPly adware hides behind Microsoft's SmartScreen to avoid detection

Security researchers have discovered a new DealPly variant that abuses Microsoft’s SmartScreen API to avoid detection.

What is DealPly and how does it work?

DealPly is an adware strain that installs extensions in your browser and displays advertisements. To remain undetected, it abuses Microsoft’s reputation services.

Here’s how enSilo’s research team, who discovered the intrusion, describes it:

Besides modular code, machine fingerprinting, VM detection techniques and robust C&C infrastructure, the most intriguing discovery was the way DealPly abuses Microsoft and McAfee reputation services to remain under the radar.

[Figure: DealPly adware, initial communication with SmartScreen]

Even though Windows Defender SmartScreen is designed to warn Windows 10 users when they access domains with malware or phishing potential, DealPly bypassed it.

It does that by taking advantage of infected Windows 10 PCs and using them to further distribute the infection.

DealPly builds JSON-based API requests, sends the information to SmartScreen’s reputation server, and waits for the response. When the response arrives, it collects the data and sends it back to DealPly’s C2 server.

I’m not using Windows 10. Could DealPly affect me?

It’s worth mentioning that DealPly has support for multiple versions of the undocumented SmartScreen API. This means that it has the ability to infect multiple Windows versions, not just Windows 10, as researchers explain:

It is important to note that the SmartScreen API is undocumented. This means the author has put a lot of effort into reverse engineering the inner workings of the SmartScreen mechanism.

To keep your PC safe, make sure that you always keep your Windows updated, use an antimalware or an antivirus solution, and surf the web on a privacy-based browser.
