To our avid blog readers who aren’t into Pinterest but may know relatives, friends, or co-workers who are pinners, this blog post is also for you.
One of our researchers in the AV Labs spotted a shady application that claims to help Pinterest users zoom in on images. The app is called Pin Photo Zoom (MD5: 644c1baf9a30af5ed7c77f85bff8667e). Users can find its domain through a Web search and download the app from there. It can also be installed indirectly by downloading certain applications hosted on Freeze.Com, as the app is bundled with some of them.
Before testing, I had assumed that (at the very least) Pin Photo Zoom would somehow live up to its promise since there are free browser add-ons, albeit unofficial ones, that do zoom in on images not just on Pinterest like . I wasn’t surprised with what happened next, though.
After testing, the app did not appear to have any effect on how pinners view images. Furthermore, the user’s system was now home to a program designed to inject ads on websites they had visited.
We also found that this app injected video ads on YouTube, appearing before the actual video one wanted to view.
On top of this, here is a list of facts we have gathered related to the app and its domain:
- The domain is hosted on an IP address located in Israel.
- The IP address uses a network (AS8551) where other IPs are found to host malicious content.
- The IP address also hosts update(dot)predictad(dot)com, which is a website detected to be malicious.
- The digital signature of pinphotozoom.exe names predictad(dot)com as its source.
- Pin Photo Zoom apparently has a second site called pinterestphotozoom(dot)com. Its content is exactly the same as the content of widdit(dot)com. Widdit claims to be a toolbar, add-on, or Android app.
- The privacy page URL specified in their EULA page leads to a dead page.
Jovi Umawing (Thanks to Matthew for finding this)