MoneyFriend
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 62
First Seen: June 19, 2017
Last Seen: May 14, 2022
OS(es) Affected: Windows
MoneyFriend is a name associated with adware that PC security researchers reported in the third week of June 2017. The MoneyFriend adware is distributed to users as an optional component of free software packages. Choosing the 'Express' installation option may allow the MoneyFriend adware to be installed to the Temp directory and to change various Internet-related settings on your device. Cyber security analysts warn that the MoneyFriend adware is just as threatening as the Ntuserlitelist adware, which we reported near the end of March 2017. Both programs edit the system Registry, change the proxy configuration, and inject code into running processes that have Internet connectivity.
The MoneyFriend adware features a built-in Proxomitron module, which is a customized build of the Proxomitron software created by Scott Lemmon. The Proxomitron module acts as a proxy gateway through which your computer exchanges data with the Internet. Consequently, the remote servers associated with the MoneyFriend adware can alter the data traffic to your machine. A closer look at MoneyFriend showed that infected users are exposed to insecure content that is injected via JavaScript code into all pages they load in the browser. The MoneyFriend adware takes advantage of the private proxy server to substitute and add advertisements on your favorite sites. Evidently, the MoneyFriend adware is configured to download marketing materials from the following locations:
- Browsersecurity[.]info
- Browserinfo[.]org
- allnrcs.gakax[.]xyz
Moreover, MoneyFriend is reported to install third-party browser extensions without user confirmation. Reports from users show that the MoneyFriend adware might add extensions like 'Furniture Guru,' 'IndiaShopps' and 'MSoft Update'. The domains listed above are recognized as untrusted by various Web filters like Websense Web Filter, Google Safebrowsing and Mozilla Phishing Protection. PC users who find ads by MoneyFriend in their browser and notice a notification in the status bar that says 'Transferring to allnrcs.gakax.xyz' may want to run an in-depth system scan with a reputable anti-malware suite.
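Administrators can check web-proxy or DNS logs for requests to the three download locations listed above. The script below is an added example, not part of the original report: the log format and sample lines are constructed, and the function names are hypothetical.

```python
import re

# Download locations exactly as listed on this page (defanged form).
DEFANGED = ["Browsersecurity[.]info", "Browserinfo[.]org", "allnrcs.gakax[.]xyz"]

def refang(indicator):
    """Turn 'example[.]com' into a lowercase hostname usable for matching."""
    return indicator.replace("[.]", ".").strip().rstrip(".").lower()

INDICATORS = {refang(d) for d in DEFANGED}

# Hostname-shaped tokens: dot-separated labels ending in an alphabetic TLD.
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)

def matched_indicator(host):
    """Return the listed host that `host` equals or is a subdomain of, else None."""
    labels = host.lower().rstrip(".").split(".")
    # Compare label-aligned suffixes only, so 'notbrowserinfo.org' is not a hit.
    for i in range(len(labels) - 1):
        suffix = ".".join(labels[i:])
        if suffix in INDICATORS:
            return suffix
    return None

def scan(lines):
    """Return (line_number, host_seen, indicator) for every matching log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            indicator = matched_indicator(host)
            if indicator:
                hits.append((number, host.lower(), indicator))
                break  # one report per line is enough for triage
    return hits

# Constructed sample lines (proxy and DNS style); not real telemetry.
SAMPLE_LOG = [
    "2017-06-20T10:01:02Z 10.0.0.5 GET http://allnrcs.gakax.xyz/a.js 200",
    "2017-06-20T10:01:03Z 10.0.0.5 CONNECT cdn.BrowserSecurity.info:443 200",
    "2017-06-20T10:01:04Z 10.0.0.7 GET http://notbrowserinfo.org/ 200",
    "2017-06-20T10:01:05Z 10.0.0.9 DNS query A Browserinfo.org.",
]

if __name__ == "__main__":
    for number, host, indicator in scan(SAMPLE_LOG):
        print(f"line {number}: {host} matches {indicator}")
```

Matching is done on whole DNS labels, so subdomains of a listed host are reported while look-alike names that merely contain the string are not.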