June 11, 2023

Previously known as browser hijackers. What’s dangerous with Linkury is how it uses its adware function as a gateway to spread malware.

According to the two security researchers, Linkury is said to have adapted its functions to hide its malicious techniques and to appear as a “legitimate adware”. Usually, it is distributed through the Safe Finder widget, an extension that is supposed to be used to perform secure internet searches.

The widget is usually bundled with other free applications as a secondary installer, or distributed through web ads that redirect users to SafeFinder download pages.

If a user installs the SafeFinder extension, their browser default search settings and homepage will change. However, it is not just this change. The installation of the extension is accompanied by the installation of additional binaries, which differ depending on the country of the user.

In other cases, Linkury was installing a version of the Opera browser on the infected computers, which operated “silently” in the background of the operating system to display pop-up ads, bringing profits to the Linkury adware/malware operators. The hackers behind Linkury also used the SafeFinder widget to install other extensions in the user's browsers.

The problems, however, do not end here. The researchers also said that the SafeFinder installer contained many malware features, such as PowerShell scripts for disabling Windows Defender and functions that allowed it to detect when the installer was running on virtual machines and sandboxes.

