I recently had a friend bring to my attention a project much like Brave, but explaining that they paid just by leaving the browser open as a node. Well, before I install anything I usually do some heavy digging on it. I found the site and found their LinkedIn (based in Russia, but no place specific). Thinking this was odd, I fired up a clean Windows 10 VM and put Sysinternals on it. I then downloaded the software. After examining it for a while, I have found it to silently start on startup... That's odd in itself... It also reaches out to Chrome and just launches Chrome and injects "ychrome_watcher.dll". If anyone knows more on this project, please hit me up.
Submitted October 05, 2019 at 09:23PM
This is nonsense!
"ychrome_watcher.dll" is Google's library.
Proof:
1. https://chromium.googlesource.com/chromium/src/+/78.0.3904.108/chrome/chrome_watcher/chrome_watcher.def
2. https://www.freefixer.com/library/file/chrome_watcher.dll-172199/#version-info
3. https://www.hybrid-analysis.com/sample/01d42f12658abd409539b48b7a4682dc4b6b68e3273e1af5ae74a84cc072f837?environmentId=120