{"id":6360,"date":"2017-01-25T09:11:39","date_gmt":"2017-01-25T17:11:39","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/25\/news-198\/"},"modified":"2017-01-25T09:11:39","modified_gmt":"2017-01-25T17:11:39","slug":"news-198","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/01\/25\/news-198\/","title":{"rendered":"Avoid these “Free Minecraft \/ Garry’s Mod” adverts"},"content":{"rendered":"

Garry’s Mod is a sandbox physics game<\/a> which lets you manipulate ragdolls (effectively, static\u00a0video game characters) into certain\u00a0poses or player-made movies (Machinima<\/a>).<\/p>\n

If you were heavily into memes about 8 to 10 years ago, you probably saw no end of them\u00a0on YTMND<\/a> created with it. However, we’re about to have the exact opposite of a wonderful time. I was browsing for mods on the popular modding site Nexus<\/a>\u00a0and happened to see an eye-catching advert:<\/p>\n

\"mod<\/a><\/p>\n

\n

“Free: Garry’s Mod. Play now!”<\/em><\/p>\n<\/blockquote>\n

Sounds too good to be true, especially as you need a Steam account to buy and play it. How can I get it for free?<\/p>\n

The answer, it turns out, is by being sent to the Chrome store via the ad. This looks emphatically like Garry’s Mod so far:<\/p>\n

\"garry<\/a><\/p>\n

I mean, there’s zero ambiguity here. A huge picture of TF2 characters doing Garry’s Mod things, a massive GARRY’S MOD: PLAY slap bang in the middle of the screen. I am definitely, totally getting Garry’s Mod here, no doubt about it.<\/p>\n

I’d better read the small print before getting my Garry fill:<\/p>\n

\n

By clicking start game to install kidsvideogame games, you hereby consent to the kidsvideogame games terms of use and privacy policy, and agree to allow the kidsvideogame games extension to serve you advertisements. All such ads are served to you while you surf the internet and are branded as kidsvideogame games ads. the kidsavideogame games extension does not collect any personally identifiable information.<\/em><\/p>\n<\/blockquote>\n

Well, uh…better have a look? My excitement for free Garry’s Mod action seems to have decreased by at least 3% but I’m sure everything will work out when I click the play bu-<\/p>\n

\"\"<\/a><\/p>\n

….add Kids Videogame Advertising on the what now?<\/p>\n

\n

* Read and change all your data on the websites you visit<\/em>
* Communicate with cooperating websites<\/em>
* Manage your downloads<\/em><\/p>\n<\/blockquote>\n

That’s certainly an odd name for a child-centric extension and not a Garry’s Mod in sight so far.<\/p>\n

Here’s the Chrome store page the extension is coming from:<\/p>\n

\"kida<\/a><\/p>\n

 <\/p>\n

\n

KidsVideoGame ad revenue is used to support the KidsVideoGame software. We server a fixed number of ads to our user per day and do not store any Personally Identifiable Information (PII). There are different types of ad units served by the KidsVideoGame software including new page, video ads, text link ads. We display a clear branding box along with uninstall instructions in the event that a user would like to uninstall or learn more about our advertisements.<\/em><\/p>\n<\/blockquote>\n

In terms of user functionality, the extension doesn’t actually let you do anything with it – it’s entirely grayed out, and we saw no adverts served during testing. At one point, we’d installed four of them simultaneously just to see if something might spur them into action but it wasn’t to be.<\/p>\n

\"not<\/a><\/p>\n

I have to admit, I\u00a0was somewhat doubtful at this point that we’d be able to play a game which needs between 5 and 10GB of HDD space via a Chrome app but stranger things have happened at sea and all that. Ultimately, I detected a fatal lack of Garry, and indeed his mod, on the website kidsvideogame(dot)com which was\u00a0just a huge pile of browser-based flash games:<\/p>\n

\"videogame<\/a><\/p>\n

No Garry, then, but plenty of related antics elsewhere to take a look at.<\/p>\n

For example, we have a “Play Minecraft for free” ad on a Deus Ex<\/a> trailer, which is highly appropriate because I never asked for this:<\/p>\n

\"I<\/a><\/p>\n

Looks familiar, right? Let’s open up the Chrome store again and we have thuggamerz(dot)com offering up a huge “Minecraft: play now” landing page and an extension called “Thug Gamerz Advertising”:<\/p>\n

Click to view slideshow.<\/a> <\/p>\n

We’ve seen similar sites to the above and they seem to follow the same pattern – promote a cool “free” game via adverts, offer up an extension entirely unrelated to the game on display and then – depending on site – invite them to install and run an executable file (some simply stop at the extension. In terms of functionality, the extension doesn’t appear to do anything in terms of user interaction – it’s a grayed out icon on the Chrome taskbar).<\/p>\n

The Thuggamerz site offered up\u00a0an executable file immediately after installing the extension (unlike the site promoting free Garry’s Mod) called minecraft_download.exe (Gamisakiga setup). We detect this file as PUP.Optional.InstallCore<\/a>.<\/p>\n

\"you're<\/a><\/p>\n

\"exe<\/a><\/p>\n

After running the file, we see the following splash screen, from a program called “Download Bureau” which says it’ll “download and install the software on the computer”:<\/p>\n

\"download<\/a><\/p>\n

The file in question is _minecraft_download.zip, weighing in at 1.86MB.<\/p>\n

If you’re thinking that sounds a little small for Minecraft, you’d be right. Before we get to the punchline, a 30 day trial for a PDF viewer is offered up as an optional download during the install process:<\/p>\n

\"pdf<\/p>\n

As it turns out, that would actually be rather handy in this case as after all the hoops have been jumped, the extensions have been installed, the whirling collection of “Free Minecraft” banners have been clicked and the zip has been opened…<\/p>\n

\"minecraft<\/a><\/p>\n

…the would-be player (who is probably a child eagerly awaiting Minecraft shaped goodness) is presented with nothing more than 2 PDF flyers advertising Minecraft and Minecraft Story mode.<\/p>\n

Click to view slideshow.<\/a> <\/p>\n

Cue lots of screaming and parent reaching for the emergency earplugs.<\/p>\n

There is, unfortunately, no free game dancing to the tune promised by the various adverts and websites; after all that effort, being “rewarded” with two PDFs telling the person in front of the PC to effectively go to the official websites and buy the games could be considered a bit on the\u00a0underwhelming side of things. The sites we’ve seen so far which appear to be related to some or all of the above include\u00a0kidsvideogame(DOT)com, thuggamerz(DOT)com, bubblegif(DOT)com and gameshaunt(DOT)com and users of Malwarebytes 3.0<\/a> will find we block these URLs. It’s possible there are others, so please advise your game-hungry children to be cautious around too good to be true freebies.<\/p>\n

And keep those earplugs handy…<\/p>\n

 <\/p>\n

Christopher Boyd and Jovi Umawing<\/em><\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"\n\n\n
<\/a><\/td>\n<\/tr>\n
If you see ads claiming to offer up free games like Garry’s Mod or Minecraft, you may wish to think twice – you’ll definitely get an extension, you may receive an executable, but free Minecraft? Keep searching, intrepid gamer…<\/p>\n

Categories: <\/p>\n