At Kaspersky, we call such programs Hoax \u2014 software that intentionally misleads the user<\/em>. Here are some examples of verdicts that Kaspersky products<\/a> assign to such programs:<\/p>\n After installation, Hoax programs run a system scan. They scan everything that legitimate cleaners do. After the scan, the user sees a window with information about issues detected.<\/p>\n And that\u2019s the main problem with this breed of software. The user is shown intimidating messages about the supposedly huge number of errors found in the system. Here is an example of a \u201ccleaner\u201d that overplays potential problems with registry keys:<\/p>\n Example of a cleaner exaggerating the significance of potential problems with registry keys<\/p><\/div>\n Or the tool might find some real bugs, but then overstate the level of importance through deceptive language. For example, in this driver updater, the driver status varies from \u201cold\u201d to \u201cancient\u201d:<\/p>\n This tool rates the driver version installed in the system as \u201cold,\u201d \u201cvery old,\u201d or \u201cancient\u201d<\/p><\/div>\n Some programs refuse to close immediately when the user clicks the little x, instead displaying another window with the intimidating message \u201cDamage level: high.\u201d<\/p>\n Attempting to close the program causes another intimidating window to appear<\/p><\/div>\n Hoax programs also like to add themselves to autorun and flood the user with pop-up notifications that something is wrong with the computer.<\/p>\n Hoax pop-up notification<\/p><\/div>\n Hoax programs are not restricted to the Windows ecosystem. Here is an example of one for MacOS, with mildly high log\/cache usage is reported as critical.<\/p>\n Example of a Hoax in MacOS<\/p><\/div>\n To resolve the issue, the user is told to acquire the full version of the software. When the full version is purchased, many of these programs really do rid the computer of what they found, but the need for such services is overstated, as mentioned above. Some Hoax programs may not clean the computer at all. So at best the user overpays, and at worst, they get nothing for their money.<\/p>\n In their greed, some creators of fraudulent cleaners go a step further and, in addition to their own handiwork, install other programs on the user\u2019s computer. It\u2019s usually adware, but in some cases, it can be a Trojan.<\/p>\n For example, getting mixed up with a Hoax utility could result in a user\u2019s computer being partially blocked. The program pictured below expands to full screen, overlaps the toolbar, and blocks attempts to switch between programs by pressing Alt+Tab and to get back by pressing F11.<\/p>\n A screen blocking the computer with the option to open remote access<\/p><\/div>\n Next, the user is prompted to enter a code to unblock the computer (which, of course, they do not have), or to open remote access to it through TeamViewer, AnyDesk, or other remote access programs whose icons are placed conveniently at the right of the window.<\/p>\n\n Hoax developers\u2019 target audience is inexperienced home users not very familiar with device operating systems or concerned about \u201ctaking out the trash\u201d and updating the system.<\/p>\n When the computer starts to slow down noticeably, many users search online for solutions and may pick up a Hoax app if they are not careful.<\/p>\n But there is also another distribution method. A Hoax is sometimes acquired through promotional offers or scam Web pages. An adware-based infection might look as follows:<\/p>\n Example of an infection through adware offering to speed up the computer<\/p><\/div>\n You may also encounter fraudulent pages offering cleanup\/speed-up \u201cservices\u201d when visiting dubious websites. For example, this page displays a notification that spyware was detected on the computer.<\/p>\n Example of a page mimicking a Microsoft site and scaring the user with viruses<\/p><\/div>\n Usually, the user is prompted either to call \u201ctechnical support\u201d (where money is extorted verbally), or to download a Hoax utility. Don\u2019t trust such pages for one second \u2014 just close them immediately.<\/p>\n\n Another increasingly common way to spread Hoax software is through browser pop-up notifications, which some users agree to for without thinking. Browser push notifications are now very popular (including among scammers), and they are starting to cause many user headaches.<\/p>\n Not everyone understands how they work, where they come from, and how to disable them. Sometimes users are not even aware these notifications come through their browser, and that they may come from websites with less-than-pure intentions.<\/p>\n Browser notifications redirecting users to download a Hoax utility<\/p><\/div>\n After clicking such notifications, users are taken to fraudulent pages masked as security components. Here is an example of a fraudulent website simulating the Windows Defender interface:<\/p>\n Fraudulent page simulating the Windows Defender interface<\/p><\/div>\n Once the user is sufficiently spooked by all the apparent problems with their computer, they are redirected to a Hoax download page.<\/p>\n\n
How Hoax programs work<\/h3>\n
![\"Example](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163829\/what-is-hoax-report-scr1.png\")
<\/a>![\"This](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163835\/what-is-hoax-report-scr2.png\")
<\/a>![\"Attempting](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163840\/what-is-hoax-report-scr3.png\")
<\/a>![\"Hoax](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163845\/what-is-hoax-report-scr4.png\")
<\/a>![\"Example](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163853\/what-is-hoax-report-scr5.png\")
<\/a>Bundled adware and the chance to win a Trojan<\/h3>\n
![\"A](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163859\/what-is-hoax-report-scr6.jpeg\")
<\/a> How a Hoax penetrates the computer<\/h3>\n
![\"Example](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163908\/what-is-hoax-report-scr7.png\")
<\/a>![\"Example](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163925\/what-is-hoax-report-scr8.png\")
<\/a>![\"Browser](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163931\/what-is-hoax-report-scr10.png\")
<\/a>![\"Fraudulent](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163936\/what-is-hoax-report-scr11.png\")
<\/a>
![\"Hoax](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2019\/06\/19163940\/what-is-hoax-report-scr12.png\")
<\/a>