The Booz Allen DarkLabs’ Threat Hunt team recently discovered a unique form of adware lurking on networks that evades all traditional forms of cyber defenses. The adware is a previously known threat that is commonly used to inject advertisements into a user’s browser and covertly collect information about the user’s browsing activity.
Adware is often ignored during security operations because it is generally considered unsophisticated, is prevalent, and has a low perceived threat level. This adware, which we are calling advanced persistent adware (APA), is unique because it leverages advanced techniques, typically only seen in attacks attributed to nation-state-level advanced persistent threats (APT), to evade detection, maintain persistence, and connect to a command and control (C2) server to facilitate the second stage of the attack. This APA is similar to adware detected by Carbon Black’s Endpoint Detection and Response (EDR) platform. Both examples demonstrate the growing need for advanced detection as the playing field continues to evolve in favor of these threats.