Experts expose yet another Internet Explorer vulnerability

Through the years the Internet Explorer (an inseparable part of the Windows OS) has been persistently followed by critique mostly targeted towards its security and reliability. This may have been one of the reasons Microsofts have launched a new IE counterpart MC Edge in Windows 10.

Nevertheless, IE was not terminated and is still being used by 3.93% of computer users. Vulnerabilities have not disappeared anywhere either.

The most recent find that infringes IE user’s privacy is a browser hijacker called MapsGalaxy Toolbar. Not only does this parasite hijack your browser and force you to download an adware-laden browser extension, but also employs click fraud tool to artificially inflate boost web page traffic.

Researchers at Kaspersky Lab recently discovered this adware and classified it as a Potentially Unwanted Program (PUP). Luckily, it doesn’t cause any noticeable damage to the computers, but it does infiltrate them without user’s permission and employs deception to generate advertising revenue.

The hijacker spreads through a sophisticated Trojan known as Magala. Once on the PC, Magala determines the version of Internet Explorer that you are using, if the version is higher than IE 8, it initializes the MapsGalaxy browser hijacker to start its malicious tasks.

The toolbar also alters the Windows registry to set itself as a default homepage and creates a virtual desktop to execute predetermined operations. These operations may include further adware spread, setting up Autoruns and sending reports to hard-coded URLs.

Even with the possibility of such functionalities, the primary aim of this malware is advertising. With the help of Megala, MapsGalaxy contacts remote servers, where it receives a list of search queries that need to be boosted. The program then works according to this list and sends the requested queries to the indicated sites.

The requests are sent about 10 times at 10-second intervals.

Currently, it is known that main spread points of the malware are U.S. and Germany, with other countries being noticeably less affected. It could be related to the ad campaign costs, which are significantly higher in the U.S. and Germany.

Ugnius Kiguolis