We came across a browser modifier that sports rootkit capabilities. Not only does the threat, detected as BrowserModifier:Win32/Soctuseer, cross the line that separates legitimate software from unwanted, it also takes staying under the radar to the next level.
Rootkit capabilities, which make it difficult to detect and remove applications, are usually associated with malware. Yet Soctuseer uses rootkit capabilities to conceal its presence on a computer, ultimately making it difficult for affected users to control their device and browsing experience.
Apart from hiding its presence, Soctuseer installs itself without using your browser’s supported extensibility model for installation. And, once installed and running, it takes away the control you should have over how it operates. You can’t enable or disable it from your browser settings. The result is that you can be served webpage content that is modified without your consent.
No matter how it attempts to hide, though, most Soctuseer installations and system modifications will be uncovered and removed by the Microsoft Malicious Software Removal Tool (MSRT). We’re adding detections for BrowserModifier:Win32/Soctuseer in this month’s MSRT release, helping to lessen interference to your browsing experience...