OneLaunch Malware
M
Michael LaBonte
You don't currently detect the very common browser hijacker and adware known as OneLauch. I contacted support and was told you don't plan on doing so as it doesn't currently do anything more severe like provide remote access or execute commands.
However, it installs itself through deceptive means through scareware advertisements. It makes itself very hard to remove and recreates links to itself when deleted. It serves up further scareware ads that other firms have said are linked to account compromises. It spreads through shared environments such as RDS servers and causes serious functionality issues. It also is detected by competing EDR solutions such as Crowdstrike.
I implore you to reconsider and start detecting it.
Thank you!
T
Tristan
Pretty wild this isn't detected.
T
Treb Roberts
No legitimate business should ever let their users use OneLaunch for their browser. As Michael stated it is often downloaded by users unknowingly when they download things like PDF manuals. At the very least we should be alerted so we can take appropriate action.
R
Ryan Sipes
I've heard the same response. I've seen it leave memory pinned at 100% and stop the Huntress agent from running for nothing and still nothing. Kind of disappointing because it seems like the sort of bread and butter that Huntress was created to detect. Has persistence mechanisms, etc. And just because it doesn't do anything malicious now, why are we to trust it to not in the future?
At least maybe give us the option to alert on PUPs like this? Maybe treat them similarly to unsecured credentials if you're not going to alert on it and at least show me in a dashboard somewhere?