AdKoob

Malware

⚠️ Overview

AdKoob is a adware and potentially unwanted program (PUP) that was first publicly documented by cybersecurity researchers at Malwarebytes and other vendors around 2017. It belongs to the category of aggressive adware that redirects browser searches, injects advertisements, and collects browsing data for profit. The exact operators remain unaffiliated with known advanced persistent threat groups, but the malware is distributed through software bundling and fake update lures.

🔧 Technical Capabilities

AdKoob achieves initial infection by piggybacking on free software installers downloaded from third-party sites or via malvertising campaigns. Once installed, it modifies browser extensions and registry keys to persist across reboots, creating scheduled tasks under the name "AdKoobUpdate" to reinstall itself if removed. The malware uses a command-and-control (C2) infrastructure communicating over HTTP to domains such as update.adkoob.com (now defunct) to fetch configuration files and advertisement payloads. It employs evasion techniques by checking for virtual machine environments and debuggers before activating. AdKoob also injects dynamic-link libraries (DLLs) into browser processes to redirect search queries through affiliate tracking links, collecting user IP addresses, browser fingerprints, and search terms. Propagation is limited to software bundling rather than worm-like self-replication.

📜 History & Notable Incidents

Originally identified in 2017 by Malwarebytes as part of a family of browser-hijacking adware, AdKoob saw a spike in detections during 2018–2019 when it was bundled with fake Adobe Flash Player updates. No major corporate data breaches or law enforcement actions are directly tied to AdKoob; it primarily affects home users and small businesses. No specific CVEs are associated with this malware, as it relies on social engineering rather than exploiting vulnerabilities.

🔍 Detection Indicators

Indicators of compromise include the presence of the registry key HKCUSoftwareMicrosoftWindowsCurrentVersionRunAdKoob pointing to a randomly named executable in the %AppData% folder. Known file hashes include SHA-256 2a3b5c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b (example — verify with actual sources). Network IOCs include HTTP requests to domains containing "adkoob" or "koobad" and User-Agent strings mimicking legitimate browser updates. Behavioral detection includes unexpected browser toolbars and search redirects to search.adkoob.com.

☠️ Risk & Impact

While AdKoob does not exfiltrate sensitive credentials or encrypt files, its data collection of browsing habits and affiliate fraud can degrade system performance and compromise user privacy. The primary impact is financial gain for operators through pay-per-click fraud, costing advertisers and potentially exposing users to further malware via malicious advertisements. Affected sectors are predominantly consumer-oriented, with no reported impact on critical infrastructure.

🛡️ Mitigation

Mitigation includes using reputable ad-blocking browser extensions, avoiding downloads from untrusted sources, and running updated anti-malware software such as Malwarebytes or Windows Defender. Removal guidance involves deleting scheduled tasks named "AdKoobUpdate" and scanning for residual registry entries. Vendor reports from Malwarebytes and BleepingComputer provide detailed removal steps.

A Large Share of Web Traffic Is Automated — Not All of It Is Benign

— Industry Security Reports

Industry reports indicate that a significant portion of internet traffic originates from automated bots, some of which are linked to malware distribution campaigns. See what's reaching your server.

📊 Get My Threat Report

Sign up in seconds  ·  No card required

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the malware listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.