
CrossRider

Posted: August 14, 2013

Threat Metric

Ranking: 620
Threat Level: 1/10
Infected PCs: 1,632,811
First Seen: August 14, 2013
Last Seen: October 17, 2023
OS(es) Affected: Windows


CrossRider is a multiple-browser platform used by various adware products, including some browser hijackers. Since CrossRider heavily emphasizes reducing the PC user's control over their Web browsers, malware experts ordinarily encourage deleting CrossRider toolbars and other, related products. Although CrossRider products may market themselves under a rainbow of colorful brand names, competent PC security solutions should have zero issues with identifying and uninstalling CrossRider derivatives of all types.

CrossRider: Riding Advertisements into Every Browser You Have

CrossRider is a JavaScript-based publishing platform that claims to allow developers to create 'new' browser products in a matter of minutes. Sadly, these products always fall under the category of browser hijackers, adware and other forms of Potentially Unwanted Programs that represent significant security disadvantages for their users. Malware experts continue to analyze CrossRider's frequent product releases, including such samples as Radio Canyon Ads, Fraveen, Weather It Up, Savings Hero, LyricsMonkey, LyricsOn and LyricsContainer.

CrossRider modifies multiple Web browsers simultaneously, including Internet Explorer, Chrome and Firefox. Its modifications are variable with the version of CrossRider that's in use, but may include:

  • Browser redirects to advertising websites.
  • Having your browser's default search engine reset.
  • Having your browser's homepage reset.
  • Injecting additional advertisements into third-party Web pages unaffiliated with CrossRider products.

CrossRider, in all of its variants, is not threatening software. However, most PC security companies classify CrossRider products as PUPs or adware. Exposure to CrossRider advertisements may harm the performance of your browser or make your PC susceptible to scripted attacks, phishing tactics and other threats. Meanwhile, malware experts consistently find no reputable marketing or distribution efforts on behalf of CrossRider products, and have found some trace evidence of CrossRider's company being involved in spambot-related activities.

Crossing CrossRider out of Your Web-Surfing Life

Because of the blatant undesirability of most adware, CrossRider may be installed in bundles with other products. These bundle installers won't always request your consent prior to installing their version of a CrossRider toolbar, and you may encounter them on illicit file-downloading networks or free file hosts with poor reputations. However, malware experts find that good brands of anti-adware and anti-malware scanners have excellent rates for detecting common CrossRider installers, as well as most individual variants of CrossRider. Because of their high flexibility in brand names, you shouldn't try to identify an individual CrossRider add-on by eye. However, any add-on that provides excessive advertisements or forces your browser to load an unwanted site may present a security risk for your PC.
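Since brand names are unreliable, one alternative is to audit installed extensions by the capabilities they request. The Python below is an added example, not part of the original article or of any vendor's tool: it reads Chrome-style extension manifests and flags the permissions needed for page-wide ad injection and for homepage or search resets. The extension ids, manifests and `ads.example` / `notes.example` URLs are constructed sample data.

```python
import json
import tempfile
from pathlib import Path

# Chrome match patterns that cover every website.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest: dict) -> list:
    """Return the risky capabilities one extension manifest requests."""
    flags = []
    scripts = manifest.get("content_scripts", [])
    if any(BROAD & set(s.get("matches", [])) for s in scripts):
        flags.append("injects-script-into-all-pages")
    hosts = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    if BROAD & {h for h in hosts if isinstance(h, str)}:
        flags.append("host-access-to-all-sites")
    # chrome_settings_overrides is how an extension resets homepage/search.
    overrides = manifest.get("chrome_settings_overrides", {})
    for key in ("homepage", "search_provider", "startup_pages"):
        if key in overrides:
            flags.append("overrides-" + key)
    return flags

def audit_extensions(ext_root: Path) -> dict:
    """Scan <ext_root>/<extension id>/<version>/manifest.json -> {id: flags}."""
    findings = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            flags = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError, TypeError):
            flags = ["malformed-manifest"]  # unreadable or unexpected structure
        if flags:
            findings[path.parts[-3]] = flags  # parts[-3] is the extension id
    return findings

def build_sample(root: Path) -> Path:
    """Write two constructed extensions (ids and manifests are made up)."""
    samples = {
        "constructed-injector": {
            "content_scripts": [{"matches": ["<all_urls>"], "js": ["ads.js"]}],
            "permissions": ["tabs", "http://*/*", "https://*/*"],
            "chrome_settings_overrides": {"homepage": "https://ads.example/"}},
        "constructed-notes": {"manifest_version": 3, "permissions": ["storage"],
                              "host_permissions": ["https://notes.example/*"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / "1.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest))
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_extensions(build_sample(Path(tmp))))
```

To audit a real profile, point `audit_extensions` at its extension folder, for example `~/Library/Application Support/Google/Chrome/Default/Extensions` on macOS or `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` on Windows. A flag means the extension is able to do what this article describes, not that it is CrossRider; many legitimate extensions also request access to all sites.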

The Crossrider platform may be used by adware developers to ensure that their apps run on Google Chrome, Opera, Internet Explorer, Safari and Mozilla Firefox and reach a larger user base. Applications detected as CrossRider are not considered harmful because most of them function as private ad platforms for vendors or display ads to cover development costs and stay free of charge. Programs that have the CrossRider tag are often deployed as additional components of freeware packages that most users install via the 'Express' or 'Typical' option. A few examples of adware applications powered by CrossRider are Compare For Fun, Coupon Server and Coupon Champion. The programs labeled as variants of CrossRider can display banners, floating ad boxes, pop-up and pop-under windows, and contextual and transitional commercials. Additionally, CrossRider may use tracking cookies, web beacons, and DOM storage data to help advertisers push targeted marketing content based on the online routine of PC users. Security experts advise users to remove CrossRider software by using a trusted anti-spyware utility to ensure the optimal performance of their web browser and stop unwanted ads from appearing.

In addition to targeting Windows users, the CrossRider adware is also available for Mac. Its core features are almost identical, but it does have some extra functionality that it needs to use to bypass Apple's security measures. Thankfully, CrossRider for Mac is not threatening in its current form. Still, some of its behavior is certainly not typical for adware: for example, it is able to spy on your OSX user credentials.

The Mac Adware Uses Fake Prompts to Collect Credentials

Due to the default security measures found in Apple's operating system, adware for Mac often may be involved in shadier behavior compared to its Windows counterparts. For example, CrossRider is known to display a fake login prompt, which is used to harvest the login credentials of Mac users – thankfully, they are not used to execute harmful attacks, but the fraudsters behind the adware will use the harvested login data to install additional adware components without the user's consent. Furthermore, in case the server used to serve the adware is compromised, an ill-minded actor may modify it to deliver more threatening malware such as ransomware or backdoor Trojans.

CrossRider may be installed using different configurations depending on the recipient's operating system version. For example, if you use OSX 10.11 and above, the adware will use the aforementioned fake login prompt to collect your password, and then use it to deploy its components silently. One of these components is a fake copy of Safari that comes with a pre-installed list of add-ons that are meant to display advertisements whenever you use the browser. The bogus Safari version will replace the original one in every menu so that users who are not aware of the issue will end up seeing tons of advertisements.

Adaptive Adware Uses Different Tricks Depending on Your Operating System Version

Users of OSX versions prior to 10.10 will not see the fake login prompt and, instead, the CrossRider adware will initialize a script called 'install.sh' – its purpose is to apply changes to the Google Chrome and Safari Web browsers that concern their active extensions. All changes will be made off-screen so that the user will not see anything out of the ordinary.

Apart from displaying advertisements, the CrossRider adware also may collect data from the local computer – username, IP address, Web browser versions, OS version and the contents of the 'Applications' folder. Another worrying trait of CrossRider is its ability to identify the version of OSX's security components.

Mac adware is certainly much more advanced than its Windows counterparts: its authors use advanced techniques to bypass Apple's security measures, and Mac adware often may engage in shady behavior to gain the ability to install components without the user's approval. There is nothing stopping the adware's creators from deciding to use a more harmful payload, and it is crucial to take the required measures to prevent threats like this from entering your system.

Aliases

  • Crossrider.WFB [AVG]
  • Trj/Genetic.gen [Panda]
  • Trojan[Downloader:HEUR]/Win32.AGeneric [Antiy-AVL]
  • W32/AppRider.CT [Fortinet]
  • BehavesLike.Win32.ShopperPro.th [McAfee-GW-Edition]
  • Trojan.Crossrider1.43107 [DrWeb]
  • AppRider (PUA) [Sophos]
  • not-a-virus:HEUR:AdWare.Win32.CrossRider.gen [Kaspersky]
  • Win.Trojan.Troldesh-2 [ClamAV]
  • Trojan.Gen.2 [Symantec]
  • W32/S-d60a457c!Eldorado [F-Prot]
  • Artemis!DC24DF79A82D [McAfee]
  • Riskware/CrossRider [Fortinet]
  • Artemis!7016A5D74459 [McAfee]
  • PUP/Win32.CrossRider [AhnLab-V3]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values were newly created:


Additional Information

The following directories were created:
The following URLs were detected:
app.gencloudex.com/staticcrossriderManifestcrossriderapp
