FortyFy
Threat Scorecard
Ranking: 2,888
Threat Level: 20 % (Normal)
Infected Computers: 153
First Seen: June 28, 2024
Last Seen: June 30, 2024
OS(es) Affected: Windows
FortyFy is a Potentially Unwanted Program (PUP) that has garnered attention due to its deceptive distribution methods and intrusive functionalities. This browser extension was discovered through a deceptive Web page, accessed via a redirect caused by a torrenting website employing rogue advertising networks. Marketed as a tool to prevent access to potentially harmful sites, FortyFy instead introduces a host of unwanted software and poses significant risks to user privacy and security.
Deceptive Installation and Bundled Software
The installation of FortyFy is typically bundled with other suspicious software. Researchers analyzing the FortyFy installer found it included various dubious programs, notably the FindQuest browser hijacker. FindQuest specifically targets Microsoft Edge browsers, altering their settings and promoting fake search engines. These hijackers modify browser configurations to redirect users to unreliable search engines, which often lead to genuine search sites like Google, Yahoo or Bing. In rare cases where these fake engines provide search results, the information is usually inaccurate, featuring sponsored, deceptive, or even malicious content. The presence of adware or other PUPs alongside FortyFy further complicates the security landscape for affected users.
Data Tracking and Privacy Concerns
FortyFy's data-tracking capabilities are particularly alarming. This browser extension targets various sensitive data types, including:
- Browsing and search engine histories
- Internet cookies
- Account log-in credentials (usernames and passwords)
- Personally identifiable information (PII)
- Finance-related information
The collected data can be monetized by selling it to third parties, including potential cybercriminals. Such activities not only infringe on user privacy but also pose significant security risks, as sensitive information may be misused for malicious purposes, such as identity theft or financial fraud.
The Exploitation of Browser Management Features
A notable tactic employed by FortyFy is the use of the 'Managed by your organization' feature in Google Chrome. This legitimate feature is intended for enterprise environments, allowing administrators to manage browser settings across multiple devices. However, FortyFy exploits this feature to ensure persistence within the compromised browser and to gain additional control over its settings. This manipulation makes it challenging for users to remove the extension and restore their browser to its original state.
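One way to check a Windows machine for this kind of policy-based persistence, as an added example that is not part of the original write-up or any vendor tool: the script parses the text output of `reg query "HKLM\SOFTWARE\Policies\Google\Chrome" /s` and lists every policy value and force-installed extension ID for review. It assumes the persistence appears under Chrome's standard policy registry key, with `ExtensionInstallForcelist` as the policy that pins extensions; the page does not state which policy FortyFy sets, and the sample output and extension ID are constructed.

```python
import re

# Policy roots Chrome reads on Windows; values here trigger "Managed by your organization".
POLICY_ROOT = re.compile(
    r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\SOFTWARE\\Policies\\Google\\Chrome", re.I)
VALUE_LINE = re.compile(r"^\s{4}(\S.*?)\s{4}(REG_\w+)\s{4}(.*)$")
EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 letters, a through p

# Constructed sample of `reg query ... /s` output (not taken from a real infection).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
    DefaultSearchProviderEnabled    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
    1    REG_SZ    abcdefghijklmnopabcdefghijklmnop;https://clients2.google.com/service/update2/crx
"""

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query /s` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return keys

def audit_chrome_policies(text, domain_joined=False):
    """Collect Chrome policy values and force-installed extension IDs for review."""
    findings = {"policies": [], "forced_extensions": [], "suspicious": False}
    for key, values in parse_reg_query(text).items():
        if not POLICY_ROOT.match(key):
            continue  # ignore keys outside the Chrome policy tree
        forcelist = key.lower().endswith("\\extensioninstallforcelist")
        for name, data in values.items():
            if forcelist:
                ext_id = data.split(";", 1)[0].strip()  # format: id;update_url
                if EXT_ID.match(ext_id):
                    findings["forced_extensions"].append(ext_id)
            else:
                findings["policies"].append((name, data))
    # On a machine no administrator manages, any policy value deserves review.
    findings["suspicious"] = not domain_joined and bool(
        findings["policies"] or findings["forced_extensions"])
    return findings

if __name__ == "__main__":
    print(audit_chrome_policies(SAMPLE))
```

Compare any extension IDs it reports against the list at `chrome://extensions`, and the policy values against `chrome://policy`, before deleting anything.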
Questionable Practices in PUP Distribution
PUPs like FortyFy utilize a variety of questionable practices to spread and install themselves on users' systems. Some of the most common methods include:
- Rogue Advertising Networks: PUPs often spread through rogue advertising networks, which display deceptive ads on various websites. These ads can lead to fake download pages or initiate redirects that result in the installation of unwanted software.
- Bundling with Legitimate Software: Many PUPs are bundled with legitimate software downloads. Users may unwittingly install these programs when they fail to read the installation prompts carefully, leading to the simultaneous installation of both the desired software and the unwanted PUP.
- Deceptive Installers: PUPs frequently use deceptive installers masquerading as legitimate software updates or downloads. These installers can trick users into believing they are installing necessary software when, in reality, they are introducing potentially harmful programs into their systems.
- Fake System Alerts: PUPs often use fake system alerts to scare users into installing their software. These alerts may claim that the system is infected with viruses or other threats, prompting the user to download and install the PUP as a supposed solution.
FortyFy exemplifies the dangers posed by PUPs and their distribution methods. Through deceptive practices and intrusive functionalities, PUPs like FortyFy compromise user privacy and security, highlighting the need for vigilance and caution when downloading and installing software. Understanding the tactics used by these programs can help users avoid falling victim to such threats and preserve the integrity of their digital environments.