CAM4 Phishing

CAM4 Phishing Description

CAM4 is a popular live streaming website catered towards adult audiences, as it features NSFW content. With a huge amount of monthly traffic and millions of registered users, such sites are quite often used as bait by creators of various PUPs (Potentially Unwanted Programs). Users who are distracted or do not pay enough attention to the little details may not even realize that a PUP has been installed on their computers or devices.

PUPs can be configured to perform a multitude of different functionalities. Most are either adware, browser hijackers or both. Adware is designed to monetize its presence by running an intrusive advertising campaign on the user's system. The advertisements can take numerous forms and could even start to cover the legitimate content, which understandably leads to a severely diminished user experience. 

Browser hijackers, on the other hand, are used as vehicles for the promotion of a fake search engine predominantly. They are capable of attaining a degree of control over the user browser, and more specifically over settings such as the homepage, new page tab and the default search engine. Afterward, whenever the user simply opens the affected browser, starts a new blank tab, or initiates a search in the URL bar, it would generate traffic towards the fake search engine immediately. The fake designation means that these engines cannot produce search results on their own. Instead, they take the user's query and redirect it towards a legitimate engine such as Yahoo, Bing or Google. Interspersed among the displayed results, however, could be various sponsored third-party advertisements that may not even match the search criteria.

The displayed advertisements and redirects caused by the PUP could take the user to unsafe websites. Quite often the forced redirects lead to dedicated phishing pages designed to siphon any information entered by the user. They could pretend to be conducting fake giveaways or surveys just to lure visitors into providing the asked information. 

Users also should keep in mind that nearly all PUPs are capable of harvesting data from the system they are installed on. The gathered information could stop at the general browsing habits of the user, such as visited websites and conducted searches or could reach sensitive payment, banking, credit/debit card details saved in the affected browser.