Pay-per-install, or PPI for short, is a type of software program that presents users with third-party offers while they are in the middle of another download. If a user clicks on the third-party advertisement, the software developer earns money from the download. One specific PPI program has caught the attention of our McAfee ATR team, as they recently investigated a company that has taken advantage of this software and is using deceptive techniques to spread malicious files. Meet WakeNet AB, a Swedish pay-per-install software developer that has generated a large amount of revenue – even more so than some of the most prevalent ransomware families – from spreading PUPs (potentially unwanted programs).
So, how does WakeNet AB infect users’ devices with PUPs? WakeNet sets up PPI sites to entice affiliate hackers to spread malicious files and adware. WakeNet’s most recent distribution vessel is the site FileCapital. FileCapital provides affiliate hackers with a variety of “marketing tools” such as embedded movies, landing pages, banners, and buttons. These deceptive tools are intended to coax victims into installing bundled applications that house different PUPs. Victims may install these applications because they are disguised as legitimate programs. For example, a user may think they are installing a helpful performance cleaner onto their computer. What they don’t know is that the “performance cleaner” is actually disguising other malicious files that could lead to irritating adverts and decreased computer performance.
As of now, it seems unlikely that PUP development will slow since it helps their distributors earn a considerable amount of money. With that said, it’s important now more than ever for users to be aware of the security risks involved with PUPs like the ones spread by WakeNet’s FileCapital. Check out the following tips to better protect yourself from this threat:
- Click with caution. Be wary of pop-ups and websites asking you to click on items like movie playbacks and other software downloads. These items could infect your device with annoying adverts and malware.
- Only download software from trusted sources. If you receive a pop-up asking you to update or install software, be vigilant. Adware and PUPs are often disguised as legitimate sites or software companies. Your best bet is to play it safe and go directly to the source when updating or installing new software.
- Use a robust security software. Using a security solution like McAfee Total Protection could help protect your device from exposure to PUPs that have been spread by WakeNet’s FileCapital. McAfee Total Protection blocks auto-play videos on websites that decrease computer performance and warns you of risky websites and links.