Analysis of Disco Savings Adware

Overview

We have analyzed the Disco Savings malware to identify its internals and posted a whitepaper; check it for all the details of the analysis process. We have also posted a number of malicious JavaScript files used by the Disco Savings adware in the disco-savings folder of our malware-samples GitHub repository.

We found that the malware used different URLs depending on the country the infection originated from. Mainly, the following countries were specifically targeted:

  • United States
  • Germany
  • United Kingdom
  • Mexico
  • India
  • Colombia
  • Spain
  • Chile
  • Belgium
  • Canada
  • Australia
  • France
  • Austria
  • Switzerland
  • Poland
  • Russia
  • Brazil
  • Netherlands
  • Italy
  • Argentina

If you're interested in the internals of the malware as well as the actual malicious files, you can read the whitepaper.
