ask-partner-network
Ask Partner Network update channel delivered fileless malware
Carbon Black and Red Canary disclosed in late 2017 that the Ask Partner Network (APN) — the update infrastructure behind the Ask.com Toolbar bundled with many freeware installers — was abused to push a multi-stage fileless malware loader through its official update channel. Endpoints with the Ask Toolbar installed received the malicious update via the trusted updater process, complicating detection. The campaign was characterized as targeted, with downstream payloads tailored to specific organizations rather than mass cryptojacking. APN/IAC pushed a clean update after notification.
- Date
- 2017-06-01 to 2017-11-30
- Category
- Commercial
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Backdoor
- Cause
- Update infrastructure compromise
What Was Affected
Package
ask-partner-network
Language: c++
Component: Application
Artifact type: binary archive
Domain type: vendor
Domain
apn.ask.com
Incident Context
- Motive
- Espionage
- Attribution
- Unknown attacker
- Transitive
- Yes
- Observed Duration
- 182 days
External References
Source Data
Source record: proprietary/ask-partner-network/meta.yaml