Fake codecs that drop widely spread malware

Victims get tricked into installing trojans, other malware that spreads via fake codecs.[1] Ransomware[2] is one of the types that can also be distributed using such a method. Researchers always find various malware that spreads using fake codecs and can disable antivirus products to make users believe that the tool is still running and keeping the system safe while the malware runs its processes.

Such malware that spreads around with the help of fake codecs can also find its way on macOS devices.[3] Reports have surfaced a few times in the last decade or so that malware versions posing as false ActiveX objects were found on various sites. Social engineering[4] is also the method used in such campaigns.

There are also many pop-up scams that can run via deceptive sites and claim about the codecs needed or updates that your system requires, so the attempt of downloading or installing the piece ends up with the malware installation. “There is a new Codec Pack Version” messages are not real and developers are not using such pop-ups to remind people about particular updates. Do not fall for such tricks.

These are the 24 new sites known for distributing harmful codecs have been discovered. DO NOT TRUST any of these codecs and DO NOT GO to any of these sites:

dvd codec – dvdcodec [dot] net
Emcodec – emcodec [dot] com
Emedia Codec – emediacodec [dot] com
Imedia Codec – imediacodec [dot] com
iCodecPack – icodecpack [dot] com
Intcodec – intcodec [dot] com
Media-Codec – media-codec [dot] com, mediacodec [dot] net, media-codec [dot] net
Movscodec – movscodec [dot] com
Mpgcodec – mpgcodec [dot] com
Nvidcodec – nvidcodec [dot] com
Pcodec – pcodec [dot] com
Player Codec – playercodec [dot] net
Svideocodec – svideocodec [dot] com
V-codec – vcodec [dot] com, v-codec [dot] com, vcodecdownload [dot] com, vcodec-download [dot] com, vcodecget [dot] com, vcodec-get [dot] com, vcodecpull [dot] com
Vicodec – vicodec [dot] com
Vidcodec – vidcodec [dot] com
Vidscodec – vidscodec [dot] com
zCodec – zcodec [dot] com

Why those sites have not been shut down yet? That’s a good question. Some of them might be shut down and then renewed after a while or created with a little change like a typo or a number in the URL, so it appears unaltered. Everybody knows they are bad, but the hosting companies on which servers they are, do nothing at all.

It seems that fake codecs will keep deceiving Internet users for quite a long time. The more time we spend online the more misleading and deceptive content we encounter on the daily basis. These sites are not the only ones that act the same and spread malware using false statements. You can encounter tons of different ones, so pay attention to details and do not click on the random download button or pop-up.

Another problem with fake codecs is that new sites appear continuously, and the old ones often change addresses, so it is quite difficult to block all of them without cutting off access to legitimate websites hosted at the same web hosting companies.

Still and all, each Internet user should beware of fake codecs for Windows Media Player or any other application. NEVER download any codecs that you didn’t hear about. Even if you did, check twice before running the file. Moreover, it is highly recommended to avoid any codecs at all.

If Windows Media Player cannot play your favorite movie, get VLC media player, a popular and free program that supports all common video and audio formats and does not require any additional codecs or plug-ins.

About the author
Lucia Danes
Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has a long experience working in malware and technology fields.

Contact Lucia Danes
About the company Esolutions