A new DealPly variant which abuses Microsoft’s SmartScreen API to avoid detection was discovered by security researchers.

What is DealPly and how does it work?

If you didn’t know already, DealPly is an adware strain that installs extensions in your browser and displays advertisements. To remain undetected, it abuses Microsoft’s reputation services.

Here’s how enSilo’s research team, who discovered the intrusion, describes it:

Besides modular code, machine fingerprinting, VM detection techniques and robust C&C infrastructure, the most intriguing discovery was the way DealPly abuses Microsoft and McAfee reputation services to remain under the radar.

Even though Windows Defender SmartScreen is designed to warn Windows 10 users when they access domains with malware or phishing potential, DealPly bypassed it.

It does that by taking advantage of infected Windows 10 PCs and using them to further distribute the infection.

DealPly sends JSON-based API requests to SmartScreen’s reputation server, waits for the response, then collects the returned data and sends it back to DealPly’s C2 server.

I’m not using Windows 10. Could DealPly affect me?

It’s worth mentioning that DealPly has support for multiple versions of the undocumented SmartScreen API. This means that it has the ability to infect multiple Windows versions, not just Windows 10, as researchers explain:

It is important to note that the SmartScreen API is undocumented. This means the author has put a lot of effort into reverse engineering the inner workings of the SmartScreen mechanism.

To keep your PC safe, make sure that you always keep your Windows updated, use an antimalware or an antivirus solution, and surf the web on a privacy-based browser.
