BrowserModifier:Win32/Riccietex
First posted on 03 December 2016.
Source: Microsoft
Aliases:
There are no other names known for BrowserModifier:Win32/Riccietex.
Explanation:
This browser modifier displays an installation interface and is known to install legitimate applications. While installing an application, it locates and modifies shortcuts (.lnk files) that open the following web browsers:
- 2345 Explorer
- 360 Browser
- Baidu Browser
- Google Chrome
- Internet Explorer
- Juzi Browser
- Liebao (Cheetah) Browser
- Maxthon
- Mozilla Firefox
- QQ Browser
- Sogou Explorer
- The World Browser
- UC Browser
It modifies the shortcuts so that the browsers automatically open the following legitimate website:
hao.360.cn
Our samples have been found to point browser shortcuts to one of the following pages:
- hxxps://hao.360.cn/?src=lm&ls=n4a639cd994
- hxxps://hao.360.cn/?src=lm&ls=n162f37fb94
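An audit for the shortcut change described above, as an added example that is not part of the original write-up or Microsoft's tooling. It assumes the redirect is visible in a shortcut's target or arguments (the page does not say which field is changed); the function name, folder list and reason labels are illustrative choices.

```powershell
# Added example: list .lnk files whose target or arguments carry a start-page URL.
# Assumption: the redirect shows up in the shortcut's TargetPath or Arguments.
$PageHost   = 'hao.360.cn'          # host named on this page
$UrlPattern = '(?i)\bhttps?://\S+'  # any URL handed to a program on its command line

function Test-ShortcutRedirect {
    param([string]$TargetPath, [string]$Arguments)
    # Strongest signal: the host from this page appears anywhere in the shortcut.
    if ("$TargetPath $Arguments" -match [regex]::Escape($PageHost)) { return 'page-host' }
    # Weaker signal: an executable launched with some other URL as an argument.
    if ($TargetPath -match '(?i)\.exe$' -and $Arguments -match $UrlPattern) { return 'url-argument' }
    return $null
}

# Common shortcut locations: desktops, Start menus, Quick Launch and pinned taskbar items.
$roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell
$findings = foreach ($lnk in Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
    $sc = $shell.CreateShortcut($lnk.FullName)   # opens the existing .lnk for reading
    $reason = Test-ShortcutRedirect -TargetPath $sc.TargetPath -Arguments $sc.Arguments
    if ($reason) {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $sc.TargetPath
            Arguments = $sc.Arguments
            Reason    = $reason
            Modified  = $lnk.LastWriteTime
        }
    }
}

# Most recently changed shortcuts first, to line up with the installer's run time.
$findings | Sort-Object Modified -Descending | Format-Table -AutoSize -Wrap
```

A `url-argument` result is a lead to review, since legitimate shortcuts can also pass a URL; `page-host` matches the site this entry names.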
Analysis by James Dee
Last update 03 December 2016