DealPly adware uses SmartScreen’s reputation service to infect your PC

by Vlad Turiceanu
DealPly adware hides behind Microsoft's SmartScreen to avoid detection

A new DealPly variant which abuses Microsoft’s SmartScreen API to avoid detection was discovered by security researchers.

What is DealPly and how does it work?

If you didn’t know already, DealPly is an adware strain that installs browser extensions and displays advertisements. To remain undetected, it abuses Microsoft’s reputation services.

Here’s how enSilo’s research team, who discovered the intrusion, describes it:

Besides modular code, machine fingerprinting, VM detection techniques and robust C&C infrastructure, the most intriguing discovery was the way DealPly abuses Microsoft and McAfee reputation services to remain under the radar.

Figure: DealPly adware's initial communication with SmartScreen


Even though Windows Defender SmartScreen is designed to warn Windows 10 users when they access domains with malware or phishing potential, DealPly bypassed it.

It does that by taking advantage of infected Windows 10 PCs and using them to further distribute the infection.

DealPly uses JSON-based API requests to send information to SmartScreen’s reputation server, waits for the response, and once it arrives, collects the data and sends it back to DealPly’s C2 server.
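
A detection example for the behaviour described above, added here and not taken from enSilo's research or this article: it flags processes outside an expected list that query SmartScreen's reputation service and records the other hosts they contact shortly afterwards. The hostname suffixes, process allowlist, 60-second window and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumptions, not from the article: hostname suffixes treated as SmartScreen
# reputation traffic, and the process names expected to generate it. Tune both
# against your own proxy or EDR telemetry.
REPUTATION_SUFFIXES = ("smartscreen.microsoft.com", "urs.microsoft.com")
EXPECTED_CLIENTS = {"smartscreen.exe", "explorer.exe", "msedge.exe", "iexplore.exe"}
FOLLOW_UP_WINDOW = timedelta(seconds=60)

# Constructed sample events: (time, machine, process image, destination host).
EVENTS = [
    ("2019-07-01T10:00:00", "PC-01", r"C:\Windows\System32\smartscreen.exe", "urs.microsoft.com"),
    ("2019-07-01T10:00:05", "PC-02", r"C:\Users\alice\AppData\Local\Temp\updater.exe", "nav.smartscreen.microsoft.com"),
    ("2019-07-01T10:00:20", "PC-02", r"C:\Users\alice\AppData\Local\Temp\updater.exe", "stats.example.net"),
    ("2019-07-01T10:30:00", "PC-02", r"C:\Users\alice\AppData\Local\Temp\updater.exe", "cdn.example.org"),
]

def is_reputation_host(host):
    """Match a suffix on a label boundary so look-alike hosts do not pass."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in REPUTATION_SUFFIXES)

def image_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_unexpected_clients(events):
    """Map (machine, process) -> hosts contacted within FOLLOW_UP_WINDOW of a
    reputation query made by a process that is not an expected client."""
    findings, last_query = {}, {}
    for t, machine, proc, host in sorted(events):
        when, key = datetime.fromisoformat(t), (machine, proc)
        if is_reputation_host(host):
            # Name-only allowlist for brevity; production rules should also
            # check the full path and code signature of the image.
            if image_name(proc) not in EXPECTED_CLIENTS:
                last_query[key] = when
                findings.setdefault(key, [])
        elif key in last_query and when - last_query[key] <= FOLLOW_UP_WINDOW:
            if host not in findings[key]:
                findings[key].append(host)
    return findings

if __name__ == "__main__":
    for (machine, proc), hosts in find_unexpected_clients(EVENTS).items():
        print(machine, proc, "-> follow-up hosts:", hosts or "none seen")
```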

I’m not using Windows 10. Could DealPly affect me?

It’s worth mentioning that DealPly has support for multiple versions of the undocumented SmartScreen API. This means that it has the ability to infect multiple Windows versions, not just Windows 10, as researchers explain:

It is important to note that the SmartScreen API is undocumented. This means the author has put a lot of effort in reverse engineering the inner workings of the SmartScreen mechanism.

To keep your PC safe, make sure that you always keep your Windows updated, use an antimalware or an antivirus solution, and surf the web on a privacy-based browser.
