PDFCastle

Potentially Unwanted Programs (PUPs) are software applications that, while not explicitly unsafe, often exhibit behaviors that users may not desire or expect. They can include adware, browser hijackers and other software that may compromise user privacy or security.

Cybersecurity researchers recently uncovered PDFCastle during an investigation of dubious websites. Marketed as a comprehensive PDF management tool, PDFCastle claims to offer features such as viewing, creating, editing, and converting PDF files into various formats, including Microsoft Word documents.

However, PDFCastle doesn't function as advertised; instead, it promotes the use of the fake search engine portal.pdfcastle.com. Furthermore, PDFCastle may harbor additional harmful functionalities beyond what is apparent at first glance. It's important to note that PUPs like PDFCastle are frequently bundled with other suspicious software, which can further exacerbate security risks.

PDFCastle Takes Over Users' Browser Settings

PDFCastle promotes the use of portal.pdfcastle.com, which masquerades as a search engine. Such websites are typically associated with browser hijackers, though PDFCastle itself does not directly modify browser settings.

Browser hijacker software typically alters browser configurations to redirect users to sponsored sites when they perform searches or open new tabs/windows. However, PDFCastle simply opens portal.pdfcastle.com when its shortcut is launched without modifying browser settings.

These fake search engines, like portal.pdfcastle.com, often redirect users to legitimate search engines such as nearbyme.io and Yahoo. However, nearbyme.io, despite generating search results, tends to display inaccurate and potentially harmful content.

Websites like portal.pdfcastle.com often gather user information. Additionally, PDFCastle, being a PUP, may include data-tracking features. This can result in the collection of sensitive data like browsing history, login credentials, and financial information, which might be exploited or sold to third parties, including cybercriminals.

PUPs may Attempt to Hide Their Installation from Users

PUPs employ various tactics to conceal their installation from users' attention:

• Bundling with Legitimate Software: PUPs often piggyback on legitimate software installations. They are bundled with free or popular software that users intentionally download, often hiding their presence in the installation process through pre-selected checkboxes or fine print.
• Misleading Installation Wizards: PUP installers may use deceptive installation wizards that distract users from noticing additional software being installed. They might use confusing wording or obscure the presence of bundled programs.
• Opt-Out Mechanisms: PUPs may offer opt-out options during installation, but these are often designed to be overlooked. Users might miss these options if they are presented in a way that requires careful attention or if they are buried within lengthy terms and conditions.
• Aggressive Marketing Tactics: Some PUPs use aggressive advertising methods to entice users into installing them, such as fake system alerts, misleading pop-ups, or scare tactics claiming the need for certain software to enhance system performance or security.
• Camouflaged Interfaces: PUPs may mimic system alerts or dialog boxes to trick users into thinking they are performing legitimate actions. These interfaces can be designed to closely resemble operating system messages, making it difficult for users to distinguish them from genuine notifications.
• Hiding in Browser Extensions or Add-ons: PUPs can disguise themselves as browser extensions or add-ons, often offering seemingly useful features. Users may overlook the permissions requested by these extensions or fail to review their functionality thoroughly.
• Silent Background Installation: Some PUPs install silently in the background without displaying any noticeable prompts or notifications to the user. Users may only realize their presence once they notice changes in their system's behavior or performance.

Overall, PUPs rely on user oversight, distraction, and deceptive tactics to slip past users' attention during installation, often leading to unintended installation and potential security risks.