Mintcast Adware Turns Off Safe Browsing in Firefox Browser

A pair of "potentially unwanted programs" (PUPs) has been identified that disable the safe browsing utility in the Firefox Web-browser. This is done to make sure the programs are able to leverage their own malware and uninvited advertising. The programs are dubbed Mintcast 3.0.1 and Shell Services. Essentially, these programs act as additional components for Internet Explorer, Chrome and Firefox browser. They're planted devoid of user's consent.

Security Company Malwarebytes discovered one fresh variant of adware called Mintcast, which clandestinely shuts down Firefox's safe browsing feature. Mintcast gets installed on PCs via other software packages or any lone software. The adware typically shows advertisements while performing its damaging act. Myce.com posted this online dated December 29, 2015.

Incorporated into Firefox and Safari, the safe browsing utility is the creation of Google. This feature is simply a list containing unsafe URLs that earlier showed as disseminating malicious software. Mozilla and Google constantly update this list, which's utilized during real time helping Web-surfers to remain safe when navigating the web.

While the safe browsing feature of Firefox cautions Web-surfers about malware laced websites and phishing sites, Mintcast denies them this privilege by disabling the feature so that alert messages on harmful websites don't appear any longer.

The adware constructs one file namely user.js within Firefox profile of the end-user. The file gets planted in an automatic manner immediately as Firefox starts while it also changes the details of global browser configurations. Moreover, even if end-users apply manual means to enable 'safe browsing,' the feature again gets disabled during rebooting because of the specially crafted user.js document.

To find user.js file one needs to access folderC:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default. However, if the user.js filename can't be obtained within the code, it would mean that the adware has crafted one fresh file described with just 3 code lines.

Incidentally, whenever the browser is opened, user.js becomes active and continues in that state despite the end-user doing a reset. So to get rid of this malicious user.js file, one requires eliminating the file that is inside the aforementioned folder alternatively erasing all lines which Mintcast appends to it.

» SPAMfighter News - 1/1/2016