SmartService
Posted: April 27, 2017
Threat Metric
The fields shown on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. Criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 253 |
| First Seen: | April 27, 2017 |
| Last Seen: | January 25, 2020 |
| OS(es) Affected: | Windows |
SmartService is a Trojan that blocks a variety of essential security features and programs on Windows machines and exploits the system's resources to generate non-consensual advertising traffic. Although malware experts are seeing SmartService install through methods most similar to those of adware and other PUPs, this program is an intentional threat to your PC's security. Use updated anti-malware products to block SmartService from compromising your PC or, if necessary, remove it afterward.
Adware Developers Getting Smart about Their Exploits
In its search for revenue, advertising-based software is often notable for straddling the sometimes ambiguous line between legal, desirable programs and threats that may cause harm to the user's computer. In what could become a troubling trend in the industry, malware researchers are starting to see evidence of adware-like products conducting behavior that warrants classifying them as threatening Trojans. This emerging evidence is most visible with SmartService, a new Trojan that's bundling itself with the sMark5 VPN app.
The sMark5 program has been in distribution for some time, but the addition of SmartService to its installation routine is new. Unlike most unwanted software that gains system access via bundles, SmartService includes a handful of malign features that may attack the system's security features directly. Not all of these functions show visible signs, and, although it conceals its memory processes poorly, SmartService doesn't display a user interface to let the user know of its installation.
Parts of SmartService's payload that malware analysts can confirm are:
- SmartService uses a Windows service-based driver for blocking different security products automatically, including major anti-malware scanners and system-cleaner utilities potentially. PC users trying to open these programs will receive generic 'resource in use' errors from Windows. A hooking exploit lets SmartService analyze every memory process as it launches to determine whether or not it will allow it to continue.
- At the same time, SmartService also may prevent any users from deleting files or the Registry entries associated with itself or other, bundled software.
- SmartService's final feature of note is an advertising-clicker component. This file creates a hidden browser window for loading advertising content, letting its threat actors profit from fake traffic using your PC's resources. The Trojan does this without any visible pop-ups or other symptoms that are typical to adware that's aiming its content at the user.
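A triage sketch for the service-based driver described in the list above, as an added example that is not part of the original write-up: the page names no driver file or service, so this lists candidates for review instead of matching a name. Legitimate third-party drivers (graphics, storage, VPN) will also appear in the output.

```powershell
# Added example: enumerate kernel-driver services and report every driver
# whose image is missing, not validly signed, or signed by a non-Microsoft
# publisher. Uses only built-in cmdlets; nothing here is SmartService-specific.
$findings = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $drv.PathName) { continue }

    # Normalise NT-style prefixes that a service image path can carry.
    $path = $drv.PathName.Trim('"') -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        # Relative image paths are resolved against the Windows directory.
        $path = Join-Path $env:SystemRoot $path
    }

    if (-not (Test-Path -LiteralPath $path)) {
        $status = 'ImageMissing'
        $signer = $null
    } else {
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $status = [string]$sig.Status
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }

    # Keep anything that is not a validly signed Microsoft driver.
    if ($status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
        [pscustomobject]@{
            Name      = $drv.Name
            State     = $drv.State
            StartMode = $drv.StartMode
            Signature = $status
            Signer    = $signer
            Path      = $path
        }
    }
}

# Boot- and system-start drivers load earliest, so sort them to the top.
$findings | Sort-Object StartMode, Name | Format-Table -AutoSize -Wrap
```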
Outsmarting the Service that isn't Serving You
Even though its distribution model is that of a Potentially Unwanted Program, and portions of its payload imitate the style of an adware product, SmartService is a dedicated Trojan whose features are entirely unsafe and non-consensual. Along with the security issues inherent to its payload, SmartService also can act as a secondary barrier preventing the victim from managing related threats that are causing additional safety issues, such as browser hijackers, adware and unwanted toolbars. The sMark5 program's installation agreement provides no warnings of the other programs bundling themselves with it and shows no signs of being a non-benign product.
Because of the substantial disruption to core security features that accompanies SmartService, preventative security protocols are the recommended defense against this threat. Most anti-malware and anti-adware programs include various levels of threat detection for bundle-based Trojans and PUPs, which often are circulating in torrent networks and free software websites. If your security products can't launch to remove SmartService, restart your PC from a peripheral device or use additional security features, such as Safe Mode, to block this Trojan from opening.
Any user sufficiently paranoid to monitor their network traffic or memory processes may be able to notice SmartService's activities. For others, their best bet remains to stay clear of unsafe download resources that are just as likely to attack their PCs as deliver useful software.