'Your Windows drivers expired today' Pop-Ups

By GoldSparrow in Adware

The 'Your Windows drivers expired today' pop-ups, which you may encounter online, are not notifications from your browser reminding you to keep your software up to date. They may be used as an advertising trick by some advertiser-supported software deployment platforms. The display of the pop-ups may be accompanied by a beeping sound, which many users might associate with some form of warning. However, the 'Your Windows drivers expired today' notifications are not produced by cyber security vendors or your browser. The messages aim to lure users into clicking a button that says 'To update,' which triggers a browser redirect via a random gateway leading the user to ad-supported programs, adware and APK files for the Android OS. We have seen the 'Your Windows drivers expired today' message feature the following text:

'Your Windows drivers expired today on [CURRENT DATE] !
Warning: [YOUR OS VERSION]
Outdated !: If you do not update your drivers immediately, you will not be able to use your computer once it has been shut down, and all your files are going to be deleted in 202 seconds.
Required:Get the latest drivers certified by Microsoft below to keep your computer up to date.
[To update|button]'

A network analysis revealed that the 'Your Windows drivers expired today' pop-ups are generated via pages such as h[tt]p://microsoft.com.cdn.pcsaver3[.]win/newlander/microsoftwarningx.html, which might trigger a browser redirect via h[tt]p://track2.localnewschannel7[.]online/click to another site. A quick search on an online security platform showed that the 'Your Windows drivers expired today' messages aim to drive Web traffic to the 184.50.239.19 and the 184.50.239.27 IP addresses. We have found the following redirect-gateways to be connected to h[tt]p://microsoft.com.cdn.pcsaver3[.]win/newlander/microsoftwarningx.html:


The IPs mentioned above may be used by the StartApp Ad Platform (Startapp.com) to provide ad-supported programs to end-users. However, many of the apps connected to the 184.50.239.19 and the 184.50.239.27 IP addresses are flagged as Potentially Unwanted Programs (PUPs), adware, and risky apps for the Android OS. Computer security experts advise against downloading questionable software from the pages mentioned above. Additionally, there is a major risk of compromising your smartphone if you install APKs that come from sources other than the Google Play Store. You may want to add a credible anti-malware shield to your system, which can block untrusted pages and prevent browser redirects to insecure content. AV companies recognize the files related to the 'Your Windows drivers expired today' pop-ups and use the following detection names:

  • Android/Generic.Z.47298F!tr
  • AppRisk:Generisk
  • Malware.Undefined!8.C (cloud:MbF2aGz40SC)
  • PUA.AndroidOS.Appad
  • RiskWare.Tool.HCK
  • Suspicious_GEN.F47V0730
  • Win32/RealNetworks.A
  • Win32:SecurityReviver-A [PUP]
  • ZIP/Trojan.EHAF-14
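
As an added example (not part of the original article or any vendor's tooling), the Python code below triages proxy log lines for the two hosts named in the network analysis above. It also generalizes beyond them by flagging any hostname that carries `microsoft.com` as leading labels without being under that domain, as the pcsaver3[.]win page does. The log format, client addresses, the `example.net` host and the `PROTECTED` list are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Defanged indicators copied from the article above.
PAGE_IOCS = [
    "h[tt]p://microsoft.com.cdn.pcsaver3[.]win/newlander/microsoftwarningx.html",
    "h[tt]p://track2.localnewschannel7[.]online/click",
]
# Assumption: domains the defender treats as protected brands.
PROTECTED = ("microsoft.com",)

def refang(ioc):  # undo the article's h[tt]p and [.] defanging
    return ioc.replace("h[tt]p", "http").replace("[.]", ".")

def host_of(url):
    return (urlsplit(refang(url)).hostname or "").rstrip(".")

IOC_HOSTS = {host_of(u) for u in PAGE_IOCS}

def impersonated_brand(host):
    """Return the protected domain whose labels host embeds left of its real suffix."""
    labels = host.split(".")
    for brand in PROTECTED:
        if host == brand or host.endswith("." + brand):
            continue  # really under the brand's own domain
        want = brand.split(".")
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return brand
    return None

def triage(log_lines):
    """Return (client, host, reason) for requests an analyst should review."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # not in the constructed "ts client method url" format
        client, host = parts[1], host_of(parts[3])
        if host in IOC_HOSTS:
            hits.append((client, host, "known-ioc"))
        elif brand := impersonated_brand(host):
            hits.append((client, host, "lookalike:" + brand))
    return hits

# Constructed proxy log lines (timestamps, clients and the example.net host are invented).
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z 10.0.0.5 GET " + refang(PAGE_IOCS[0]),
    "2024-01-01T10:00:02Z 10.0.0.5 GET " + refang(PAGE_IOCS[1]),
    "2024-01-01T10:00:03Z 10.0.0.7 GET https://www.microsoft.com/",
    "2024-01-01T10:00:04Z 10.0.0.9 GET http://microsoft.com.update.example.net/x",
]
```

Calling `triage(SAMPLE_LOG)` reports the two article hosts as known indicators, skips the genuine `www.microsoft.com` request, and reports the constructed `example.net` host as a lookalike even though it is on no indicator list.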
