Report: Jinshan and other software are promoted through pop-up windows of commonly used tools, spreading rogue behavior to hundreds of thousands of terminals.

Fire Feather Security released a report stating that multiple users have recently reported encountering pop-up ads and other rogue behaviors when installing certain tool class software. After analysis, it was found that this sample mainly spreads through bundling in the installation packages of commonly used tools such as Zip decompression, PDF converters, and screen recording software. It will execute a series of rogue behaviors including silently promoting the installation of software such as Kingsoft Internet Security, WPS, and CAD graphic viewer, and ultimately disguise itself as a plugin for integration and large-scale dissemination. The rogue behavior has spread to hundreds of thousands of terminals.