KMPlayer
KMPlayer installer/updates distributed malware.
KMPlayer, a freeware media player, reportedly distributed unwanted software, adware, or potentially more malicious payloads through some installer and update channels. Users who expected a media player instead encountered bundled programs and advertisements, a gray-zone supply chain where monetization blurred into unwanted execution.
- Date
- 2018-01-01 to 2018-12-31
- Category
- Commercial
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Adware
- Cause
- Bundled software
What Was Affected
Package
KMPlayer
LanguageVarious
ComponentApplication
Artifact typebinary archive
Domain typeproject download host
Domain
kmplayer.com
Compromised Versions
- Various versions around 2018, specific builds often tied to download sources.
Incident Context
- Motive
- Financial gain
- Attribution
- Adware bundlers
- Transitive
- No
- Observed Duration
- 364 days
Evidence
Compromised Artifacts
- KMPlayer installers downloaded from kmplayer.com or various third-party download sites around 2018, reported to bundle adware or PUPs.
Current Artifacts and Analysis
Source Data
Source record: proprietary/kmplayer/meta.yaml