On several sites, we have seen reports of popups that look very similar to the one Java used to notify users when the content of a site requires the Java plugin to show the full content.
But if we follow this particular prompt we get something completely different called “Media Downloader”.
The downloaded file is called setup.exe and is recognized by a few scanners that detect this file as potentially unwanted adware. (PUP.Optional.Media)
It installs a program called Media Downloader version 1.5.
The other one I want to show you is not actually a pop-up, but a background image that was made to look like one.
Clicking this “Install” button downloads and prompts you to install a bundler that does install Java version 1.8.25 but not until they have offered the other components of the bundle.
In this case I had to “Decline” Norton360, Weatherbug, PC Mechanic and Stormfall Age of War. Note that the latest version for my system is Version 8 Update 65. Version 8u25 is over a year old.
Paying attention to the UAC prompt could have saved us some work here. Super IS (Fried Cookie Ltd.) somehow doesn’t have that official ring to it to convince me that this is the Java installer I was promised.
Having Malwarebytes Anti-Malware Premium installed and set to protect against PUPs would have helped as well. It detects and stops the bundler from deploying.
Probably triggered by the critical patch update that was released by Oracle there are some sites that use this opportunity to lure users into using Java prompt lookalikes or bundled installers (for outdated versions). As always, get your software from trusted sources and…
Save yourself the hassle and get protected.
Pieter Arntz