Researchers also found that the application, installed with administrator rights, was not only capable of downloading and installing software such as the scareware known as System Healer, but also stole personal details. Experts also discovered that the software checks for the presence of sandboxes, antivirus products, security tools, forensic software and remote access tools. Surprisingly, the software also contained the malicious module from the original Tuto4PC software (the Wizz Trojan), which also had backdoor capabilities. These attributes allowed Tuto4PC to run any code they desired, or to install any software or malware on the user's computer.

The Cisco researchers inspected Tuto4PC's OneSoftPerDay application and detected 7,000 distinct samples with names including the string 'Wizz', among them 'Wizzupdater.exe', 'Wizzremote.exe' and 'WizzInstaller.exe'. Searching for that string also uncovered several domains the samples had been communicating with. These fully developed spying features have led Cisco Talos to categorize Tuto4PC's software as a "full backdoor capable of a multitude of undesirable functions on the victim machine." The researchers were also able to detect the backdoor on about 12 million devices. Analysis of a sample set revealed infections in the US, Australia, Japan, Spain, the UK, France and New Zealand.

"Based on the overall research, we feel that there is an obvious case for this software to be classified as a backdoor. At minimum it is a potentially unwanted program (PUP). There is a very good argument that it meets and exceeds the definition of a backdoor," stated Cisco Talos researchers in a blog post. "The creation of a legitimate business, multiple subsidiaries, domains, software and being a publicly listed company do not stop this adware juggernaut from slowing down their attempts to push their backdoors out to the public," they further stated.
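As an added illustration of how a defender could hunt for the file names reported above (example code written for this page, not Cisco Talos's tooling), the following Python scans process-creation records for the three named executables and, more broadly, for any image name containing the string 'Wizz'. The log format, hosts, paths, parent processes and the 'wizzsvc.exe' name are constructed assumptions.

```python
import re

# File names that Cisco Talos reported among the Wizz samples (from the article above).
KNOWN_WIZZ_NAMES = {"wizzupdater.exe", "wizzremote.exe", "wizzinstaller.exe"}

# Constructed process-creation records in a hypothetical "key=value" format; the
# hosts, paths, parents and "wizzsvc.exe" are invented for this example, not from the research.
SAMPLE_LOG = """\
2016-05-02T10:14:01Z host-a image=C:\\Windows\\System32\\svchost.exe parent=services.exe
2016-05-02T10:14:07Z host-a image=C:\\ProgramData\\Wizz\\Wizzupdater.exe parent=explorer.exe
2016-05-02T10:15:22Z host-b image=C:\\Users\\bob\\AppData\\Local\\Temp\\WizzInstaller.exe parent=setup.exe
2016-05-02T10:16:40Z host-b image=C:\\Program Files\\Editor\\editor.exe parent=explorer.exe
2016-05-02T10:17:03Z host-c image=C:\\Users\\amy\\Downloads\\wizzremote.exe parent=cmd.exe
2016-05-02T10:18:15Z host-c image=C:\\Users\\amy\\AppData\\Roaming\\wizzsvc.exe parent=wizzremote.exe
"""

# Lazy match on the image path so paths containing spaces still parse.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) image=(?P<image>.+?) parent=(?P<parent>\S+)$")


def classify_image(image_path):
    """Return 'known-name', 'wizz-string' or None for an executable path."""
    name = image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name in KNOWN_WIZZ_NAMES:
        return "known-name"      # exact match on a file name reported by Talos
    if "wizz" in name:
        return "wizz-string"     # broader hunt on the 'Wizz' string, as the researchers did
    return None


def scan_log(log_text):
    """Parse each record and collect those whose image name matches a Wizz indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue             # skip malformed records instead of aborting the scan
        verdict = classify_image(m["image"])
        if verdict:
            hits.append({"host": m["host"], "image": m["image"],
                         "parent": m["parent"], "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["host"]}: {hit["verdict"]:<11} {hit["image"]} (parent {hit["parent"]})')
```

The parent field is kept in each hit because a match whose parent is itself a Wizz binary (as in the last constructed record) is the kind of chain worth prioritising during triage.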