The adware floods an infected PC with advertisements and also installs a cryptocurrency miner and ad extensions in the browser. This means PBot is significantly more than average adware.
“Developers are constantly releasing new versions of this modification, each of which complicates the script obfuscation,” Kaspersky’s Anton V. Ivanov wrote in a blog post. “Another distinctive feature of this Pbot variation is the presence of a module that updates scripts and downloads fresh browser extensions.”
Kaspersky Lab analysts said the adware has undergone a few changes since it was first identified several years ago and now comes with the ability to run a hidden cryptominer on infected PCs.
How Does PBot or PythonBot Actually Work?
The adware, named PBot, is distributed via pop-up ads that eventually redirect users to a download page.
If the user clicks anywhere on the download page, a file named “update.hta” is downloaded to the victim’s PC. If the user executes the file, a PBot installer is downloaded from a remote command-and-control server.
The bot uses the “brplugin.py” script to create a DLL file and then inject it into the launched browser in order to install the ad extension on the targeted system.
The browser extension installed by PBot typically adds various banners to the page and redirects the user to advertising sites.
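The chain described above leaves process-creation traces: an .hta file run from a user-writable folder (on Windows, .hta files are executed by mshta.exe) and a later command line that references “brplugin.py”. The following triage sketch is an added example, not code from Kaspersky or the original article; the event field names, file paths, folder list and browser list are assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Constructed process-creation records (fields modelled on Sysmon Event ID 1); not real telemetry.
EVENTS = [
    {"parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r'mshta.exe "C:\Users\alice\Downloads\update.hta"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r'mshta.exe "C:\Program Files\Vendor Tool\help.hta"'},
    {"parent": r"C:\Users\alice\AppData\Roaming\app\launcher.exe",
     "image": r"C:\Users\alice\AppData\Roaming\app\python.exe",
     "cmd": r"python.exe brplugin.py"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmd": r"notepad.exe C:\Users\alice\Documents\notes.txt"},
]

# Quoted or unquoted path ending in .hta
HTA_PATH = re.compile(r'"([^"]+\.hta)"|(\S+\.hta)(?=\s|$)', re.I)
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\")  # assumed folder list
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe", "opera.exe"}

def triage(events):
    """Return (index, rule, severity) for events matching the chain in the article."""
    hits = []
    for i, ev in enumerate(events):
        image = ntpath.basename(ev["image"]).lower()
        cmd = ev["cmd"]
        m = HTA_PATH.search(cmd)
        if image == "mshta.exe" and m:
            path = (m.group(1) or m.group(2)).lower()
            if any(d in path for d in USER_WRITABLE):
                from_browser = ntpath.basename(ev["parent"]).lower() in BROWSERS
                named = ntpath.basename(path) == "update.hta"  # file name from the article
                sev = "high" if from_browser or named else "medium"
                hits.append((i, "hta_from_user_dir", sev))
        if "brplugin.py" in cmd.lower():  # script name from the article
            hits.append((i, "pbot_injector_script", "high"))
    return hits

if __name__ == "__main__":
    for hit in triage(EVENTS):
        print(hit)
```

Because the article notes that the developers keep releasing new versions, file names such as “update.hta” should be treated as weak signals; the location-based rule is the one that survives a rename.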
“In pursuit of profit, adware owners often resort to installing their products on the sly, and PBot developers are no exception. They release new versions (and update them on user computers), complicating their obfuscation to bypass protection systems,” Ivanov concluded.
Never click on unknown links, even if they appear to come from someone you know. You can check the authenticity of a link by hovering your mouse over it. This will show the actual address to which the link redirects. Regularly install OS and software updates to keep yourself secure from new exploits.