Google-Backed File-Sharing Service -- Xunlei -- Spreads Malware

« on: October 15, 2013, 08:18:08 pm »

October 14, 2013 by Ernesto on Torrent Freak

With hundreds of millions of active users Xunlei is arguably the most used BitTorrent client in the world, albeit almost exclusively in China. But aside from delivering entertainment the company was recently found to be distributing malware to thousands of people through its services. The company, partly owned by Google, has fired the employees responsible and now offers an uninstaller to infected users.

To the Western public the name Xunlei might not ring any immediate bells, but in China its software is used by hundreds of millions of people every month.

Previously the company’s BitTorrent client was crowned the most used BitTorrent software in the world, beating uTorrent and several other popular clients.

Xunlei’s website offers a searchable index of billions of media files which users can download with the proprietary Xunlei software. The company is partly owned by Google and in recent years has evolved into the leading player in the online file-sharing space.

Recently, however, the company ran into trouble when people spotted suspicious software on their systems signed with a Xunlei security certificate. A thorough investigation from ESET now reveals that Xunlei the company has been spreading malware to Windows and Android users.

While it’s unclear how the application is distributed, the Windows installer “INPEnhSetup.exe” that spreads the suspicious files is directly connected to the Chinese file-sharing giant. Besides the security certificate, the application also calls home to the Xunlei-owned domain

Once the “dropper” is installed it loads an Office plugin which among other things downloads an Android application. This application is then installed on all Android devices that are connected to the computer, which subsequently installs several other seemingly harmless applications.

ESET looked at all the technical details of the software distributed by Xunlei and has categorized the application as a malicious program under the name Win32/Kankan.

“The use of a fake Office plugin to gain persistence, the ability to silently install Android applications, and the backdoor functionalities, confirm the validity of the concerns of Chinese users and explains why ESET detects this program as malicious, under the name Win32/Kankan,” ESET’s Joan Calvet writes.

“There are still some open questions, like the original infection vector and the exact reason the Android applications were installed,” he adds.

While it remains unclear whether Xunlei’s popular BitTorrent client was used to spread the malware, the company has admitted that its employees were responsible for the development and distribution of the suspicious software.

During a press conference Xunlei apologized for their mistakes. The company said that the personnel responsible were acting without permission and have since been fired.

For affected users Xunlei has released an uninstaller and according to ESET the number of infections has dropped significantly since its release.
