Unicom Malware Might Contain Infostealing Features

Our researchers determined that Unicom is a malicious application, distinct and unrelated to UNICOM Global, which is a legitimate corporate entity. The Unicom malware is distributed through a malicious installer found on an unreliable website. The precise purpose of Unicom remains unclear. It is crucial to emphasize that the installer responsible for disseminating Unicom includes additional undesirable elements.

Given its questionable nature, Unicom has the potential to illicitly collect a wide range of sensitive information from unsuspecting users. This may encompass personally identifiable information such as names, addresses, and contact details, along with login credentials for various online accounts.

Furthermore, Unicom may aim to gather data on users' browsing habits, location, and device details, enabling the creation of a comprehensive user profile that could be exploited for malicious activities. It is not uncommon for dubious applications like Unicom to operate as cryptocurrency miners.

Upon installation on a user's device, Unicom might initiate resource-intensive processes in the background, utilizing the device's CPU or GPU power for cryptocurrency mining activities like Bitcoin or Ethereum. This can lead to increased energy consumption, diminished device performance, system crashes, and other issues for users.

Another cause for concern regarding Unicom is the inclusion of unwanted components within the installer responsible for delivering the application.

How Are Malicious Apps and Infostealers Commonly Distributed?

Malicious apps and infostealers are commonly distributed through various methods, often taking advantage of unsuspecting users. Here are some common distribution methods:

Malicious Websites: Cybercriminals create fake or compromised websites that host malicious apps. Users may be tricked into downloading and installing these apps, thinking they are legitimate or necessary for a specific purpose.

App Stores: Some malicious apps manage to infiltrate official app stores by using deceptive tactics or exploiting vulnerabilities in the app review process. Users may inadvertently download these apps, believing they are safe due to the store's reputation.

Phishing Emails: Cybercriminals use phishing emails to distribute malicious apps or links to download them. These emails often appear legitimate and may mimic trusted organizations or services, tricking users into downloading and installing the malicious apps.

Software Bundling: Malicious apps may be bundled with seemingly legitimate software. Users who download and install software from unofficial or questionable sources may unknowingly install additional malicious apps along with the intended software.

Fake Software Updates: Cybercriminals create fake software update notifications that prompt users to download and install updates. These updates may actually be malicious apps disguised as legitimate updates, taking advantage of users who want to keep their software current.

Third-Party App Markets: Users who download apps from unofficial or third-party app markets outside of official app stores may be at a higher risk of encountering malicious apps. These markets often have fewer security measures in place.

Social Engineering: Malicious apps may be distributed through social engineering tactics, such as enticing users with promises of free or exclusive content, prizes, or discounts. Users may be prompted to download apps that appear harmless but contain malicious code.