Creepy adware takes screenshot of victim’s desktop without their permission

Faster internet adware also collects IP addresses, and information on PC’s hardware configuration.

David bisson
David Bisson
@
@DMBisson

Nasty adware takes screenshot of victim's desktop without their permission

Researchers have come across a nasty adware variant that takes a screenshot of a user’s computer desktop without their permission.

Lawrence Abrams, a computer security expert at Bleeping Computer, notes in a blog post that the adware, known as “Faster Internet,” has a penchant for collecting unsuspecting users’ data:

“When Faster Internet is installed it will create a fingerprint consisting of information related to your motherboard, CPU, hard drives, network adapters, and other information about your computer. This information is then uploaded to the developers server. It will then take a screenshot of the active display on your computer at the time of the install and send this screenshot along with your IP address to [a .online URL]”

Sign up to our free newsletter.
Security news, advice, and tips.

Someone with Faster Internet installed on their machine never receives a notification that the adware is taking a screenshot of their desktop.

That could spell trouble for a user in so many ways, explains Abrams.

“The problem is that when this program is installed, the user may have confidential documents, web sites, or programs open that will be now be included in the screenshot and uploaded to these scumbags. What if the victim had a password manager open to their online bank account, or their tax return showing their social security number and address, or private images that they do not want disclosed? As nobody knows who the people behind this are and what they may do with this information, this behavior is a serious cause for concern.”

Faster Internet is not the only adware that has threatened users’ security in recent months. Back in February 2015, the world first learned of Superfish, a piece of adware which could intercept HTTPS-encrypted traffic on all Lenovo PCs in an attempt to inject ads into users’ web browsers.

Superfish cert

Given that users affected by Superfish could no longer trust HTTPS web connections, Microsoft decided to adjust its malware objective criteria back in December in an effort to prevent adware similar to Superfish from adversely affecting users’ security.

Users who wish to protect themselves against adware should maintain an up-to-date anti-virus provider on their computers. (To illustrate, as of this writing, 17 out of 56 solutions currently flag Faster Internet as malicious.)

Users might also want to consider installing an adblocker like AdBlock Plus. Those types of browser extensions cannot block adware outright, but it can block ads that might redirect to websites hosting adware and other malicious software.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One comment on “Creepy adware takes screenshot of victim’s desktop without their permission”

  1. Mark Jacobs

    Absolutely 100% agree that ad-blockers can really reduce the attack vector, nullifying those tempting "make your system better" distractions that lead to many woes!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.