5/10/2023
Maxthon browser startpage

Minor changes to the interface, bug fixes and the addition of the Adblocker & Extensions panel. New search engines are now available in Monument Browser for Windows 10 devices: Qwant, Ecosia, Ekoru, and StartPage. Media Downloader improvements - now you can download from Twitter and some other sources which use m3u8 format, it will work better if you play the video on the web page first. Can we expect other types of malware to appear on this platform? Time will tell. I've pieced together what's new for v2.3.115, since we last mentioned Monument Browser here, back in March 2019, and have boiled it down to: fas files are hard to analyze without a decompiler, AutoCAD has become a good platform for spreading malware. The fact that AutoCAD is widely used, its AutoLISP language is sufficiently powerful, and compiled. As it becomes increasingly difficult to bypass all the protection technologies of antivirus products, malware authors are searching for new platforms to exploit. But this is the first time we have seen start page Trojans working on the AutoCAD platform. The start page Trojan has become the main type of malware in China and AutoCAD viruses are also nothing new. Hxxp://ap./zl.htm is more interesting – it refreshes the browser to redirect it to hxxp:// which will jump to Finally, shows an advert along these lines: In an attempt to make them more popular, some navigation sites usually make use of propagation agents which, depending on the traffic they have brought in, can account for a significant proportion of a site’s income. The owners of popular navigation sites can earn huge amounts of money. Since it is usually difficult for Chinese users to memorize the addresses of websites, navigation sites like are often used to make visiting sites more convenient. “99182691_hao_pg” is the ID of the website propagation agent of.
In addition, on, the Trojan will display a message window to say: “Happy New Year!” Moreover, it checks if the following processes exist: To change the start page in the Sougou browser, the Trojan also modifies the file %userprofile%appdataSougouexplorerconfig.xml – the configuration file of Sougou. The Trojan also regularly opens a new browser process to visit hxxp://ap./zl.htm. And changes the browser home page to h**p:// by modifying the registry. Upon finding the browser window, the Trojan extracts the URL in the address bar in the browser tab and checks whether it contains the string “”; if not, the Trojan will direct the browser to. “iexplore.exe”, “theworld.exe”, “qqbrowser.exe”, “maxthon.exe”, “greenbrowser.exe”, “chrome.exe”, “sogouexplorer.exe”, “360se.exe”, “360chrome.exe” When it is downloaded and run by, it goes through the system process list to find the following browser processes: It then tries to download from hxxp:///jbbgxf/?f=zydz. Finally, it modifies the downloaded file so that shxfont.fas can launch in future. When it is executed by AutoCAD, it first copies itself to shxfont.fas. It is usually distributed in archives containing architectural drawings with the name acad.fas. The main purpose of this Trojan is to download. It can function on most popular Chinese browsers, such as maxthon.exe, 360se.exe, sougouexplorer.exe, etc. is responsible for changing the browser’s homepage and directing the browser to advertising sites. The malicious activity is initiated by which downloads. The diagram below demonstrates how the Trojans work: fas files and these Trojans managed to avoid detection by all antivirus programs except Kaspersky’s, which are capable of decompiling such files: This can cause difficulties during analysis because there is no decompiler as such for. These two Trojans are compiled AutoLISP files with the file extension.
General information about the two Trojans

According to our KSN statistics, this threat appears mainly in China, India and Vietnam. They are written in AutoLISP mixed with VBA, and are aimed at changing users’ browser start pages and displaying adverts. This week we found two new AutoCAD Trojans detected as and. In order to spread such Trojans as broadly as possible, Trojan authors have even turned their sights to AutoCAD. In China, start page Trojans have become a popular type of malware because by changing users’ browser start pages to point to some navigation site, the owner of the site can get a large amount of web traffic which can then be converted into large sums of money.