Malicious Weaponized Version of SnowBox App, Spreading in the Wild

Malicious Weaponized Version of SnowBox App, Spreading in the Wild

For those that don’t want to pay for HD content, they end-up using gray-area apps to accomplish the same thing. However, aside from the user-made free content on Youtube, there are more questionable sources on the Internet that covers free HD content than legitimate and safe sources. One such app that went to the dark side literally was SnowBox. It basically was a rip-off of Netflix, which promises the user with free HD content.

Somehow, SnowBox works as promised, however, Malwarebytes has performed their deep investigation with the app of a similar name and discovered its nasty operations behind the scenes. Such a version of SnowBox is a browser hijacker. This information is withheld from the user by the app, Snowbox is sideloaded by the user as it is not available in Google Play Store.

After installation, the user will experience a general slowness of Internet browsing, less performance from the device, it also exhibits randomly deleting user data from the device. The same app is also available for Windows PC and iOS devices, creating a bigger target market for the virus authors. The Windows PC version of the app (as an extension for Firefox, Chrome and Internet Explorer) also has a capability to monitor bank website browsing, extracting banking details and other relevant personally identifiable information from the unsuspecting user.

As being an unwanted and very damaging app, The original authors of SnowBox are advising users to remove the malicious version from their browsers by following the steps below: (Direct quotes from https://showboxbuzz.com/remove-showbox-virus)

Step 1: End malicious process related to Showbox.

  1. Open the task manager on your PC using the key combinations ‘Ctrl + Shift + Esc.’
  2. Search for the process related to Showbox and click on ‘End Process.’

Step 2: Remove all unwanted plug-in linked with Showbox from different browsers such as Chrome, Firefox, and Internet Explorer.

For Chrome

  1. Click the Chrome menu button which you will find on the browser toolbar.
  2. Here, click on ‘Tools.’
  3. Then, select ‘Extensions.’
  4. Now, you need to click on the trash can icon to delete Showbox extension.
  5. Also, make sure that you remove all the unwanted extensions.
  6. A confirmation dialog will pop-up on the screen, click the ‘Remove’ option.

For Firefox

  1. First, click on the menu button and choose ‘Add-ons.’ Then, the Add-ons Manager tab will start.
  2. Now, from the Add-ons Manager tab, select the Extensions panel.
  3. Remove all the unwanted extensions.
  4. Then, click on ‘Disable’ or ‘Remove’ option of Showbox.
  5. Now, click ‘Restart now’ option if it pops up.

For Internet Explorer

  1. Open the Internet Explorer, click the Tools option, and then click ‘Manage add-ons.’
  2. Then, click ‘Toolbars and Extensions’ on the left-hand side of the window and then select ‘Showbox.’
  3. Remove all the unwanted BHO’s.
  4. If the add-on can be deleted, click the ‘Remove’ option. And then, click ‘Close’. Otherwise, click the ‘Disable’ option.

Step 3: Uninstall all unwanted programs related to Showbox.

  1. Launch the Control Panel window on your PC.
  2. In the Control Panel window, click on ‘Uninstall a program’ option which you will find under the ‘Programs’ category.
  3. Here, in the ‘Programs and Features’ window, search and uninstall Showbox. Along with other unwanted and unknown programs which appear suspicious to you.

Step 4: Locate and remove all malicious registry files generated by Showbox app.

  1. Open the Registry Editor by pressing the Win key and R key simultaneously. Then, type ‘Regedit’ in the dialog box and press the ‘Enter’ key.
  2. Then, search and delete all the corrupt registry files related to Showbox.

Kevin Jones484 Posts

Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others. He holds prestigious certifications like OSWP, OSCP, ITIL. His goals in life are simple - to finish her maiden business venture on Cybersecurity, and then to keep writing books for as long as possibly can and never miss a flight that makes the news.

0 Comments

Leave a Comment

Login

Welcome! Login in to your account

Remember me Lost your password?

Don't have account. Register

Lost Password
Register