To our avid blog readers who aren’t into Pinterest but may know relatives, friends, or co-workers who are pinners, this blog post is also for you.
One of our researchers in the AV Labs spotted a shady application that claims to help Pinterest users zoom in on images. The app is called Pin Photo Zoom (MD5: 644c1baf9a30af5ed7c77f85bff8667e). One can do a lookup of their domain via Web search and download the app from there. Or, one can install it indirectly onto their system by downloading certain applications hosted on Freeze.Com as the said app is bundled with some of them.
click to enlarge
Before testing, I had assumed that (at the very least) Pin Photo Zoom would somehow live up to its promise since there are free browser add-ons, albeit unofficial ones, that do zoom in on images not just on Pinterest like . I wasn’t surprised with what happened next, though.
After testing, the app did not appear to have any effect on how pinners view images. Furthermore, the user’s system was now home to a program designed to inject ads on websites they had visited.
click to enlarge
click to enlarge
click to enlarge
We also found that this app injected video ads on YouTube, appearing before the actual video one wanted to view.
click to enlarge
On top of this, here is a list of facts we have gathered related to the app and its domain:
- The domain is hosted on an IP address located in Israel.
- The IP address uses a network (AS8551) where other IPs are found to host malicious content.
- The IP address also hosts update(dot)predictad(dot)com, which is a website detected to be malicious.
- The source of the digital signature of the pinphotozoom.exe is predictad(dot)com.
- Pin Photo Zoom apparently has a second site called pinterestphotozoom(dot)com. Its content is exactly the same as the content of widdit(dot)com. Widdit claims to be a toolbar, add-on, or Android app.
- The privacy page URL specified in their EULA page leads to a dead page.
GFI VIPRE detects Pin Photo Zoom as Adware.PinPhotoZoom (fs).
Jovi Umawing (Thanks to Matthew for finding this)
Leave a reply
