Threat Scorecard

Ranking: 2,888
Threat Level: 20 % (Normal)
Infected Computers: 153
First Seen: June 28, 2024
Last Seen: June 30, 2024
OS(es) Affected: Windows

FortyFy is a Potentially Unwanted Program (PUP) that has garnered attention due to its deceptive distribution methods and intrusive functionalities. This browser extension was discovered through a deceptive Web page, accessed via a redirect caused by a torrenting website employing rogue advertising networks. Marketed as a tool to prevent access to potentially harmful sites, FortyFy instead introduces a host of unwanted software and poses significant risks to user privacy and security.

Deceptive Installation and Bundled Software

FortyFy is typically installed as part of a bundle with other suspicious software. Researchers analyzing the FortyFy installer found it included various dubious programs, notably the FindQuest browser hijacker. FindQuest specifically targets Microsoft Edge browsers, altering their settings and promoting fake search engines. Hijackers of this kind modify browser configurations so that searches are redirected to unreliable search engines, which in turn often redirect to genuine search sites like Google, Yahoo or Bing. In the rare cases where these fake engines provide search results of their own, the information is usually inaccurate, featuring sponsored, deceptive, or even malicious content. The presence of adware or other PUPs alongside FortyFy adds further risk for affected users.

Data Tracking and Privacy Concerns

FortyFy's data-tracking capabilities are particularly alarming. This browser extension targets various sensitive data types, including:

  • Browsing and search engine histories
  • Internet cookies
  • Account log-in credentials (usernames and passwords)
  • Personally identifiable information (PII)
  • Finance-related information

The collected data can be monetized by selling it to third parties, including potential cybercriminals. Such activities not only infringe on user privacy but also pose significant security risks, as sensitive information may be misused for malicious purposes, such as identity theft or financial fraud.

The Exploitation of Browser Management Features

A notable tactic employed by FortyFy is the use of the 'Managed by your organization' feature in Google Chrome. This legitimate feature is intended for enterprise environments, allowing administrators to manage browser settings across multiple devices. However, FortyFy exploits this feature to ensure persistence within the compromised browser and to gain additional control over its settings. This manipulation makes it challenging for users to remove the extension and restore their browser to its original state.
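
The 'Managed by your organization' banner appears when browser policy values exist on the machine, so listing them shows what is holding an extension in place. The PowerShell below is an added example, not taken from the original analysis. It assumes the documented Windows policy registry locations for Chrome and Edge (Edge is included because the bundled FindQuest hijacker targets it); the page does not state which policies FortyFy writes.

```powershell
# Added example: list browser policy values that trigger "Managed by your organization".
# Assumption: these are the standard Chrome/Edge policy keys on Windows; which of them
# FortyFy actually sets is not stated on the page.
$policyRoots = foreach ($hive in 'HKLM:', 'HKCU:') {
    "$hive\SOFTWARE\Policies\Google\Chrome"
    "$hive\SOFTWARE\Policies\Microsoft\Edge"
}

function Get-BrowserPolicyValue {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The policy root itself plus every subkey (e.g. ExtensionInstallForcelist).
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Name  = $name
                    Value = $key.GetValue($name)
                }
            }
        }
    }
}

$values = @(Get-BrowserPolicyValue -Roots $policyRoots)
if ($values.Count -eq 0) {
    'No Chrome or Edge policy values found.'
} else {
    # Every policy value currently applied to the browsers.
    $values | Format-Table -AutoSize -Wrap

    # Force-installed extensions: each entry is "<extension id>;<update URL>".
    $values |
        Where-Object { $_.Key -like '*\ExtensionInstallForcelist' } |
        ForEach-Object {
            $id, $url = ([string]$_.Value) -split ';', 2
            [pscustomobject]@{ ExtensionId = $id; UpdateUrl = $url; PolicyKey = $_.Key }
        } |
        Format-Table -AutoSize
}
```

On a personal computer that no organization administers, any value reported here deserves review. The same policies are visible inside the browser at chrome://policy.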

Questionable Practices in PUP Distribution

PUPs like FortyFy utilize a variety of questionable practices to spread and install themselves on users' systems. Some of the most common methods include:

  • Rogue Advertising Networks: PUPs often spread through rogue advertising networks, which display deceptive ads on various websites. These ads can lead to fake download pages or initiate redirects that result in the installation of unwanted software.
  • Bundling with Legitimate Software: Many PUPs are bundled with legitimate software downloads. Users may unwittingly install these programs when they fail to read the installation prompts carefully, leading to the simultaneous installation of both the desired software and the unwanted PUP.
  • Deceptive Installers: PUPs frequently use deceptive installers masquerading as legitimate software updates or downloads. These installers can trick users into believing they are installing necessary software when, in reality, they are introducing potentially harmful programs into their systems.
  • Fake System Alerts: PUPs often use fake system alerts to scare users into installing their software. These alerts may claim that the system is infected with viruses or other threats, prompting the user to download and install the PUP as a supposed solution.

FortyFy exemplifies the dangers posed by PUPs and their distribution methods. Through deceptive practices and intrusive functionalities, PUPs like FortyFy compromise user privacy and security, highlighting the need for vigilance and caution when downloading and installing software. Understanding the tactics used by these programs can help users avoid falling victim to such threats and preserve the integrity of their digital environments.

