Skip to Content
Security & privacy

Watch out! Sneaky adware secretly takes screenshots of your desktop

Keeping cybercriminals from infecting our gadgets feels like a full-time job these days. We’re always having to prepare for the next scam so we can fend them off.

One problem is, sometimes victims don’t even know when their device has been infected. Hackers have sophisticated malware that can run in the background of a victim’s gadget without being detected.

These sneaky attacks can go unnoticed for quite some time. In fact, there was an adware attack recently discovered that has been infecting devices for years. Even worse, it allows criminals to secretly take screenshots of your desktop.

Your privacy could be at risk

Who doesn’t love free apps and programs? Finding the free equivalent of a program that could cost hundreds of dollars is a great way to save some bucks. A perfect example is LibreOffice, which is a powerful free office program that can replace Microsoft Office.

Whenever you download and run free apps or programs, you need to be careful though. That’s because there are bad actors out there creating malicious programs that can be used to rip you off or breach your privacy.

Researchers at Bitdefender recently discovered adware that’s been infecting devices for nearly six years. It’s being dubbed Zacinlo and has been targeting Windows machines in the U.S. since 2012. Even though the adware works on most Windows machines, about 90 percent of the infected ones are running Windows 10.

The adware components are secretly installed on the victim’s device by a downloader for a free VPN service called s5Mark. This alleged VPN is offered as a secondary download to the original free software that victims are intending to use.

Image: Example of s5Mark downloader. (Source: Bitdefender)

The infection begins when the victim gives permission to install the supposed VPN application. Once it’s executed, several other components are downloaded and the adware and rootkit is installed.

The malware then hides deep inside your PC, at its root. It also has an updater component that receives instructions from the criminals behind it from its command and control center. These updates allow the criminals to fend off anti-virus software, which is what has allowed it to stay on infected machines for years.

What can Zacinlo do?

If your gadget is infected with Zacinlo, it can open multiple browser sessions at once and load ad banners. It also simulates clicks on ads from a victim’s device, which generates revenue for the scammers.

Even scarier, Zacinlo lets the scammers take screenshots of your device. This is a huge breach of privacy and can give the attackers sensitive information that would allow them to pull off more devious acts such as steal from your bank account or steal your identity.

Obviously, none of these outcomes are good for you. That’s why it’s important to pay attention when installing new software.

If it asks you for admin permissions, do not allow it. Also, if the software you’re installing offers a secondary program, don’t download it without investigating the program first and never download the VPN s5Mark.

Have a question about anything tech related? Kim has your answer! Click here to send Kim a question.

The Kim Komando Show is broadcast on over 450 stations. Click here to find the show time in your area.

Ambassador Program background

Refer friends, earn rewards!

Why not share your new source of digital-lifestyle news, tips and advice with others? When your friends and family subscribe to Kim's free newsletters, you earn points toward awesome rewards!

Get Rewarded