The number of users lured into installing scam cleaners doubled in a year

• Don’t get swept up : the number of users lured into installing scam cleaners doubled in a year to almost 1.5 million

• Kaspersky experts have detected a two-fold rise in the number of users being attacked with fake system cleaners – fraudulent programs designed to trick users into paying for alleged serious computer issues to be fixed.

The number of users hit reached 1,456,219 in the first half of 2019, compared to just 747,322 for the same period in 2018. During this time, some of the attacks have become more sophisticated and dangerous.

A slow-working or poorly performing computer is a common complaint among PC users, and there are many legitimate tools available to solve such issues. However, alongside genuine system cleaners, there are fake ones developed by fraudsters that are designed to trick users into believing their computer is in critical danger, for example through memory overload, and needs immediate cleaning. The attackers then offer to provide such a service in return for payment. Kaspersky defines and detects such programs as ‘hoax system cleaners’.

Upon receiving user permission and payment, the fraudsters install the hoax programs that claim to clean the PC, but which often either do nothing or install adware – an annoying, but not critical, storm of unsolicited advertising – on the computer. Increasingly, however, the cybercriminals are using the installation of hoax cleaners to download or disguise malware such as Trojans or ransomware.

The countries most affected by attacks with hoax cleaners in the first half of 2019 show how geographically widespread the threat is; leading the list is Japan with 12% of affected users, followed by Germany (10%), Belarus (10%), Italy (10%) and Brazil (9%).

“We’ve been watching how the phenomenon of hoax cleaners has been growing for the last couple of years, and it is a curious threat. On the one hand, many samples that we have seen are spreading more widely and becoming more dangerous, evolving from a simple ‘fraudulent’ scheme into fully functioning and dangerous malware. On the other hand, they are so widespread and seemingly innocent, that it is much easier for them to trick users into paying for a service, rather than frightening them with screen blockers and other unpleasant malware. However, these two ways end up the same results with users losing their money,” says Artemiy Ovchinnikov, security researcher at Kaspersky.

Kaspersky detects hoax system cleaners as:

Hoax.Win32.PCFixer.*

Hoax.Win32.PCRepair.*

Hoax.Win32.DeceptPCClean.*

Hoax.Win32.Optimizer.*

Hoax.MSIL.Optimizer.*

To avoid falling victim to hoax threats, Kaspersky researchers advise users to:

  • Always check that the PC services that you are about to adopt are legitimate and easy to understand. If it sounds confusing, use a search engine to find out more about the service as there may be a more detailed explanation available
  • Use a reliable security solution for comprehensive protection with a clean-up function for a wide range of threats and PC cleansing,such as Kaspersky Security Cloud. 
  • If you are purposely looking for a PC cleaner, use reliable, IT-targeted sources of information for recommendations, with a long-built reputation and software reviews.

 Read the full report on Kaspersky Daily.