CrossRider
Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Ranking: 673
Threat Level: 10 % (Normal)
Infected Computers: 698,916
First Seen: August 14, 2013
Last Seen: March 12, 2024
OS(es) Affected: Windows
CrossRider Web Apps is a Potentially Unwanted Program (PUP) that should be removed as quickly as possible with the help of a strong security program. PC users have reported to malware analysts that their security programs detected CrossRider and indicated that it may be problematic. PCs affected by CrossRider Web Apps may slow down, crash, freeze and present other symptoms. Computer users also may observe that their Web browser behaves abnormally and that unrecognized components are present on their computers. PC security analysts have observed that CrossRider may interfere with other Web browser add-ons on an affected computer. It is also notable that CrossRider may be difficult to remove: computer users may run into difficulties if they attempt to remove CrossRider as they would any other Web browser extension. Removing CrossRider may require special measures and the use of a security program that is fully up-to-date.
CrossRider and Similar Problematic Web Browser Add-Ons
PUPs may not be as destructive or severe as threats. However, most PUPs (CrossRider included) may cause symptoms that are usually associated with threats. For example, CrossRider may cause pop-up advertisements, Web browser redirects and performance issues on the computers it affects. There are many ways in which PUPs may spread, including typical threat distribution methods. However, the main way in which PUPs like CrossRider are distributed is by bundling them with other software. In most cases, CrossRider will be bundled with freeware or shareware from questionable sources, but in some cases, CrossRider may be bundled along with legitimate software that is installed through a different installer or source.
Problems Associated with CrossRider and Other PUPs
As soon as CrossRider is installed, it may make changes to your Web browser settings. PC security analysts have noted that CrossRider may cause performance issues, such as causing the affected Web browser to crash, slow down or freeze. PUPs like CrossRider also may prevent other add-ons installed on the affected computer from functioning properly. Malware researchers have observed that CrossRider may be bundled along with numerous other PUPs which, taken together, may greatly tax your computer's resources. For these reasons, PC security analysts strongly recommend dealing with CrossRider and similar PUPs as soon as possible.
How to Deal with CrossRider
If CrossRider is installed on your computer, malware analysts advise the use of a known security program that is both fully up-to-date and capable of removing PUPs. In many cases, security software may be incapable of detecting PUPs since these programs may be geared towards more severe threats, such as worms, Trojans, viruses and rootkits. This has meant that many threat developers have increased their efforts in producing PUPs like CrossRider rather than full-blown threat infections. This may result in substantial profits from advertising and affiliate marketing tactics. In most cases, computer users may find it difficult to remove CrossRider using their Web browser's extension or add-on manager. However, CrossRider and similar PUPs may be removed using the Add and Remove Programs option in the Windows Control Panel. Even after removing CrossRider, it may be necessary to undo any unwanted changes made by CrossRider to your Web browser settings. For example, PC users may need to manually restore the default search engine and homepage that CrossRider changed. After removing CrossRider, PC security analysts recommend using a strong anti-malware program that is fully up-to-date to perform a full scan of the affected computer. This step is crucial to ensure that CrossRider has not allowed other PUPs or more severe forms of threats to enter and affect the victim's computer.
Although a significant portion of the computers infected by CrossRider runs Windows, it is important to note that the adware has a separate version for Mac devices. The Mac version fulfills the same purpose, but it has some extra features that are used to exploit the security features of OSX. The adware family also is known under the aliases Crossrider and SurfBuyer. Apart from serving as adware, the CrossRider application also may engage in more suspicious behavior. The CrossRider tool is capable of spawning a bogus login prompt, and the operators of the CrossRider application use this feature to collect the login credentials of the user. Fortunately, the authors of the CrossRider tool do not use the collected credentials to carry out an unsafe operation. However, they utilize the collected credentials to plant additional components on the user's Mac without their knowledge or consent. This is not behavior that any genuine application would engage in. Moreover, the adware can be modified to inject harmful payloads into the compromised system, which would make it far more threatening.
On systems running OSX 10.11 or above, the CrossRider application displays the fraudulent login prompt mentioned above to gather the user's administrator credentials and then plants new components on the computer. According to reports, among these new components is a bogus copy of the Safari Web browser that has a variety of add-ons installed on it. The browser extensions in question serve to spawn advertisements whenever the user is browsing the Web. To avoid raising suspicion, the fake variant of the Safari Web browser will replace the original version in all the menus on the system. However, users who are running versions of OSX older than 10.10 will not see the bogus prompt. Instead of spawning the fake prompt, the CrossRider application will run a script named 'install.sh'. This script serves to modify the active extensions present on the Safari and Google Chrome Web browsers. The CrossRider program does this in the background to avoid raising red flags. The CrossRider application may end up collecting information from the infected computer, such as IP address, OS version, Web browser version, username, and the list of applications present on the user's Mac. The CrossRider program also can detect the version of the security tools on the Mac.
The CrossRider application is clearly not just regular adware. Make sure that your Mac is protected by a reputable anti-virus tool that will keep your machine and your data safe.
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
AVG | Crossrider.WFB |
Panda | Trj/Genetic.gen |
Antiy-AVL | Trojan[Downloader:HEUR]/Win32.AGeneric |
Fortinet | W32/AppRider.CT |
McAfee-GW-Edition | BehavesLike.Win32.ShopperPro.th |
DrWeb | Trojan.Crossrider1.43107 |
Sophos | AppRider (PUA) |
Kaspersky | not-a-virus:HEUR:AdWare.Win32.CrossRider.gen |
ClamAV | Win.Trojan.Troldesh-2 |
Symantec | Trojan.Gen.2 |
F-Prot | W32/S-d60a457c!Eldorado |
McAfee | Artemis!DC24DF79A82D |
Fortinet | Riskware/CrossRider |
McAfee | Artemis!7016A5D74459 |
AhnLab-V3 | PUP/Win32.CrossRider |
File System Details
Registry Details
Directories
CrossRider may create the following directory or directories:
URLs
CrossRider may call the following URLs:
app.gencloudex.com/static
crossriderManifest
crossriderapp