Torch malware / browser?



  • Anyone know anything about this one? We have a customer that swears we infected them with "Torch" malware by installing the MS SOAP Toolkit on their system... but they use Symantec, so I'm not even sure they have any infection at all. All our systems are clean, inventory scan shows no Torch variants (apparently it's a hijacked browser / toolbar / ad supplier / etc.). I will be performing further scans on the 4 systems that actually connect to their network later tonight, but in the meantime, has anyone come across this, and if so, how was it delivered? Drive-by, bundled with an installer (if so, which one), or what? I want positive evidence to rebuke the customer's claim (they are small and have a half-ass IT department, so they are trying their best to blame anyone outside their building for this).

    edit: they claim to have nuked the server in question, but I think they just refreshed the OS, leaving behind traces that let it reinstall. Trying now to confirm this.



  • MalwareBytes says it's bundled with PUP software.



  • Here are the VirusTotal results.


  •

    @RojoLoco said in Torch malware / browser?:

    but they use Symantec, so I'm not even sure they have any infection at all.

    They might have improved it, but Symantec almost never deals with PUPs and other light threats; I've seen it smile and wave at CryptoLocker months after it came out because it was part of a silly toolbar.



  • If we're talking about the same Torch, it's not malware. It has a torrent client embedded in it so that might be throwing up a flag.

    Not to say it might not be a phishing variant, or be compromised in another way. But the browser itself is fine (based on Chrome). Used it for a couple of years before moving on.



  • @DustinB3403 said in Torch malware / browser?:

    MalwareBytes says it's bundled with PUP software.

    Any idea what it might get bundled with?



  • @BBigford said in Torch malware / browser?:

    If we're talking about the same Torch, it's not malware. It has a torrent client embedded in it so that might be throwing up a flag.

    Not to say it might not be a phishing variant, or be compromised in another way. But the browser itself is fine (based on Chrome). Used it for a couple of years before moving on.

    I saw that there is a split on whether or not it is technically "malware", but that's not as much my concern. I just need to be able to positively tell the customer that it didn't come from our side (and I'm feeling pretty confident that it did not).

    And to my eyes, @BBigford, its behavior absolutely qualifies it as malware. Too much sneaky stuff going on when you use it, pop-up ads all over the place, the use of the word "toolbar", etc., but I digress.

