
Potentially unwanted program or browser extension installed

ID: unwanted_program
Data type: DNS, IP, HTTP
Severity: Medium
MITRE ATT&CK: TA0001:T1189

Description

AlphaSOC detected network traffic to a destination that is commonly associated with potentially unwanted programs (PUPs) and browser extensions. These software packages and extensions are often free, but track user activities online, serve pop-up advertisements, and can lead to the installation of malware. As such, they introduce unnecessary risk within the environment and should be removed.

Impact

Unwanted programs can potentially collect sensitive data, modify browser settings, and inject malicious content into web pages. Adversaries often use these methods to gain initial access to a system by exploiting vulnerabilities in web browsers or tricking users into installing seemingly benign extensions that contain hidden malicious functionality.

Severity

Severity: Medium
Condition: Potentially unwanted program or browser extension installed

Investigation and Remediation

Investigate the affected system to identify the specific unwanted program or extension. Review recent user activities, browser history, and installed software. Remove the malicious component and scan the system for additional threats. Analyze network logs to determine if the unwanted software has communicated with external servers.
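
For the network log analysis step, the following added example (not AlphaSOC code) scopes which internal hosts queried a flagged destination or its subdomains, with counts and first/last seen times. The log layout, the domain `pup-toolbar.example`, the client addresses and the function names are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample DNS log (timestamp, client IP, queried name); the layout
# and every value are assumptions for illustration, not AlphaSOC output.
SAMPLE_LOG = """\
2024-05-01T09:00:12Z,10.0.0.21,cdn.pup-toolbar.example
2024-05-01T09:00:40Z,10.0.0.35,www.intranet.example
2024-05-01T09:14:03Z,10.0.0.21,Updates.PUP-Toolbar.example.
2024-05-01T11:30:55Z,10.0.0.48,pup-toolbar.example
2024-05-02T08:02:10Z,10.0.0.21,cdn.pup-toolbar.example
2024-05-02T08:05:00Z,10.0.0.35,notpup-toolbar.example
"""


def matches(qname, flagged):
    """True if qname is the flagged domain or a subdomain of it."""
    qname = qname.strip().rstrip(".").lower()
    flagged = flagged.strip().rstrip(".").lower()
    # Compare on a label boundary so "notpup-toolbar.example" does not match.
    return qname == flagged or qname.endswith("." + flagged)


def scope_hosts(log_text, flagged):
    """Summarise, per client, the queries made for the flagged destination."""
    hosts = defaultdict(lambda: {"count": 0, "first": None, "last": None, "names": set()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip malformed lines rather than abort the triage
        ts_raw, client, qname = row
        if not matches(qname, flagged):
            continue
        ts = datetime.fromisoformat(ts_raw.replace("Z", "+00:00"))
        h = hosts[client]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["names"].add(qname.strip().rstrip(".").lower())
    return dict(hosts)


if __name__ == "__main__":
    for client, h in sorted(scope_hosts(SAMPLE_LOG, "pup-toolbar.example").items()):
        print(client, h["count"], h["first"].isoformat(), h["last"].isoformat(), sorted(h["names"]))
```

Hosts that appear in the result beyond the one named in the alert are candidates for the same review of installed software and extensions.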