In late 2017, we discovered a new kind of advanced persistent threat: sophisticated adware that uses advanced techniques for persistence and antivirus evasion. Here’s how to fight advanced persistent adware (APA) on your networks.
How Advanced Persistent Adware Works
The developer of this adware uses what is known as a “burnable loader”: a disposable first stage that can be rebuilt quickly and thrown away as soon as antivirus detects it, so a hash-based signature for one build does not catch the next. Loading the second-stage malware directly into memory, rather than writing it to disk, also points to a level of operational security generally seen from APT-level actors.
We classify this malware as adware because its main purpose is to display ads to the user, either by redirecting the browser or by opening a new browser tab. But the first-stage loader can execute arbitrary code, so while its current use is a relatively minor nuisance, APA poses a larger security risk: the same loader could easily be repurposed to deliver a targeted attack.
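To make the two points above concrete, here is an added, constructed simulation (not the adware's code, not code from the original write-up, and containing no real malware) of why a burnable loader defeats hash blocklists and why an in-memory second stage is invisible to on-disk scanning. The loader model, the placeholder byte strings, the XOR key, and the function names are all assumptions made for the demo; the one thing it preserves from the description is the structure: a disposable wrapper the operator re-randomises after each detection, a small stable core that decodes the second stage, and a second stage that only ever exists decoded in memory.

```python
"""Constructed demo: burnable first-stage loader vs. hash-based AV.

Model of the page's description (all byte strings are placeholders):
  * first stage on disk = disposable random wrapper + a small stable core
    that XOR-decodes the second stage and maps it into memory
  * second stage (the ad-redirection payload) exists decoded only in
    process memory, never on disk
"""
import hashlib
import random

STAGE2_KEY = 0x5A                      # assumed single-byte XOR key
# Stand-in for the ad-redirection payload (constructed placeholder).
STAGE2_PLAINTEXT = b"open-new-tab http://ads.example/ ; redirect-search"
# Stand-in for the loader's stable decode-and-map routine.
LOADER_CORE = b"CORE:xor-decode;map-rwx;jump"


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def build_loader(seed: int) -> bytes:
    """One 'burn' of the loader: a fresh random wrapper around the same core
    and the same encoded payload. Changing `seed` models the operator
    throwing away a flagged build and shipping a new one."""
    rng = random.Random(seed)
    wrapper = bytes(rng.getrandbits(8) for _ in range(64))
    return wrapper + LOADER_CORE + xor(STAGE2_PLAINTEXT, STAGE2_KEY) + wrapper[::-1]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def run_loader(loader_on_disk: bytes) -> bytes:
    """Simulate execution: decode the second stage into a 'memory image'
    without ever writing the decoded bytes to disk."""
    start = loader_on_disk.index(LOADER_CORE) + len(LOADER_CORE)
    end = start + len(STAGE2_PLAINTEXT)
    return xor(loader_on_disk[start:end], STAGE2_KEY)


def hash_blocklist_hits(sample: bytes, blocklist: set) -> bool:
    """What a hash-only AV signature does: exact match on the whole file."""
    return sha256(sample) in blocklist


def core_signature_hits(sample: bytes) -> bool:
    """A content signature on the part the operator cannot cheaply change:
    the decode-and-map core that every burn of the loader must carry."""
    return LOADER_CORE in sample


def stage2_signature_hits(image: bytes) -> bool:
    """A signature for the second stage itself (only visible once decoded)."""
    return b"redirect-search" in image


def demo() -> dict:
    build1 = build_loader(seed=1)
    blocklist = {sha256(build1)}        # AV vendor adds the flagged hash
    build2 = build_loader(seed=2)       # operator burns build1, ships build2
    memory_image = run_loader(build2)   # second stage decoded in memory only
    return {
        "hash_catches_build1": hash_blocklist_hits(build1, blocklist),
        "hash_catches_build2": hash_blocklist_hits(build2, blocklist),
        "core_catches_build2": core_signature_hits(build2),
        "stage2_sig_on_disk": stage2_signature_hits(build2),
        "stage2_sig_in_memory": stage2_signature_hits(memory_image),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:24s} {hit}")
```

The two results a defender should take from this: the file hash that caught the first build misses the second one entirely, while a signature on the stable core still fires; and the second-stage signature never matches the on-disk loader, only the decoded image, which is why memory scanning or behavioural detection (the browser being driven to open tabs or redirect) is needed in addition to file scanning.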