Analysis of Disco Savings Adware


We have analyzed the Disco Savings malware in order to identify it's internals and posted a whitepaper, so you should check it for all the details regarding the analysis process. We have posted a number of malicious JavaScript files used by Disco Savings adware in our malware-samples Github repository in disco-savings folder.

We have identified the malware was using different URLs based on the originating country of where the infection was coming from. Mainly, the following countries were specifically targeted:

  • United States
  • Germany
  • United Kingdom
  • Mexico
  • India
  • Colombia
  • Spain
  • Chile
  • Belgium
  • Canada
  • Australia
  • France
  • Austria
  • Switzerland
  • Poland
  • Russia
  • Brazil
  • Netherlands
  • Italy
  • Argentina

If you're interested in the internals of the malware as well as the actual malicious files, you can read the whitepaper.