Creepy adware takes screenshot of victim’s desktop without their permission

Faster Internet adware also collects IP addresses and information on the PC's hardware configuration.

Researchers have come across a nasty adware variant that takes a screenshot of a user’s computer desktop without their permission.

Lawrence Abrams, a computer security expert at Bleeping Computer, notes in a blog post that the adware, known as “Faster Internet,” has a penchant for collecting unsuspecting users’ data:

“When Faster Internet is installed it will create a fingerprint consisting of information related to your motherboard, CPU, hard drives, network adapters, and other information about your computer. This information is then uploaded to the developer's server. It will then take a screenshot of the active display on your computer at the time of the install and send this screenshot along with your IP address to [a .online URL].”

Someone with Faster Internet installed on their machine never receives a notification that the adware is taking a screenshot of their desktop.

That could spell trouble for a user in so many ways, explains Abrams.

“The problem is that when this program is installed, the user may have confidential documents, web sites, or programs open that will now be included in the screenshot and uploaded to these scumbags. What if the victim had a password manager open to their online bank account, or their tax return showing their social security number and address, or private images that they do not want disclosed? As nobody knows who the people behind this are and what they may do with this information, this behavior is a serious cause for concern.”

Faster Internet is not the only adware that has threatened users’ security in recent months. Back in February 2015, the world first learned of Superfish, a piece of adware which could intercept HTTPS-encrypted traffic on all Lenovo PCs in an attempt to inject ads into users’ web browsers.

Given that users affected by Superfish could no longer trust HTTPS web connections, Microsoft decided to adjust its malware objective criteria back in December in an effort to prevent adware similar to Superfish from adversely affecting users’ security.

Users who wish to protect themselves against adware should keep an up-to-date anti-virus solution installed on their computers. (To illustrate, as of this writing, 17 out of 56 solutions flag Faster Internet as malicious.)

Users might also want to consider installing an adblocker like AdBlock Plus. Those types of browser extensions cannot block adware outright, but they can block ads that might redirect to websites hosting adware and other malicious software.

One Response

  1. Mark Jacobs

    April 21, 2016 at 10:20 am #

    Absolutely 100% agree that ad-blockers can really reduce the attack vector, nullifying those tempting “make your system better” distractions that lead to many woes!
