Different software packages are installed in the background

Oct 22, 2014 13:04 GMT  ·  By

A recently discovered impersonation of the Twitch.tv site for streaming gameplay sessions distributes a software downloader that delivers potentially unwanted programs (PUPs).

The owner of the fake website registered the domain twitchtv.net, which is a fairly good copy of the original and could trick visitors into believing they landed on the real platform.

The only option is to download the file served

Immediately after the site loads up, a request to download a player plug-in pops up, in order to be able to watch the videos.

Regular visitors of the original Twitch website should know that the platform requires Adobe Flash Player for the video to be displayed. As such, being offered a different program should ring alarm bells.

Two buttons are available, one for proceeding with the installation and one for delaying the action. However, regardless of the one the visitor chooses, the download is still initiated.

To cover themselves from a legal battle, the administrators pasted a disclaimer at the bottom of the page explaining that the file delivered is actually a software installer that can promote different applications, from toolbars and browser add-ons, to games and antivirus solutions; other types of digital packages are also included.

A slew of digital packages are pushed on the system

According to Jovi Umawing from Malwarebytes, the actions it initiates on the computer include pushing video streaming websites that require registration to view the content, shows fake program update notifications and starts Firefox web browser (if available) to prompt installation of add-ons.

All this happens while programs are being installed in the background, which are then executed offering registration for their services.

Apart from this, the file, which is detected by Malwarebytes as PUP.Optional.DomaIQ, launches several websites that promote “potentially bogus services and programs.”

Umawing provides a list of 14 executables that are funneled in by DomalIQ, and nowhere on the list was the initially recommended video player plug-in.

PUPs gobble up computer resources

Having PUPs, also referred to as PUAs (potentially unwanted applications) on the system is not generally a security risk for the user, but they have a dramatic impact on the performance of the computer and are sometimes the cause of spam messages.

“Beyond the drain on system resources and annoyance associated with the advertising, there are reports of PUPs being used to install additional software like Bitcoin Miners and even Malware,” Adam Kujawa of Malwarebytes says in an October 16 blog post about the prevalence of PUPs and their effects on the system and the user.

Attention should be paid in order to avoid falling victim for this type of deceit, which is part of the classic affiliate marketing scheme, where the distributor of the software receives a commission from the vendor of the program for each installation.

Below you can see an explanation of how PUPs are delivered and the impact they have.