Red Sheriff is Back! Threatening Major US Business and News Websites and Their Customers

Publishers worldwide should be aware of data breaches and significant loading performance slowdown.

Feb 16, 2016, 08:00 ET from Namogoo

SAN FRANCISCO, February 16, 2016 /PRNewswire/ --

The "Red Sheriff" spyware has been around for a long time. But according to research conducted by cyber-security company Namogoo, it's still alive, kicking, and stronger than ever. In its earlier days, Red Sheriff was mainly associated with tracking and analyzing user behavior, causing a significant slowdown to users' devices. Unlike most conventional spyware, Red Sheriff is loaded as a Java applet. Once loaded, it sends back information to its owner. Savvy users tried to remove Red Sheriff's cookie from their browsers, but most users were not even aware of the underlying reason behind their poor experience, especially as anti-virus programs are not designed to protect against these types of malware and spyware.

In its most recent evolution, Red Sheriff creates a deep and extensive threat that should make publishers extremely worried. Similar to other "tracker"-type malware, Red Sheriff sits on top of the browser, allowing it to remain completely invisible to server-side security shields, and tracks every single action the user makes in the browser. Why is this relevant to publishers? First, Red Sheriff tracks and analyzes users' activities, learning about their habits and online behavior and leveraging it elsewhere, posing a major threat to users' privacy as they browse. Second, Red Sheriff crawls through websites, tracking the content and information displayed and sending back the actual data. Bundled together, these spyware activities cause a significant loading performance slowdown. For publishers, who monetize their brand, content and valuable data, this is a major issue.

Some evidence also indicates that Red Sheriff is behind unauthorized ad injections that are placed on publishers' websites without their approval. Ad injections, like many other types of client-side injected malware, not only create a severe distraction from the customer journey and lure customers away to rival websites, but also cause a massive manipulation of the page layout and integrity, damaging the customer journey, trust and loyalty. Ad injections often include video components which weigh heavily on the website's loading performance and overall customer experience. And as if that wasn't bad enough, ad injections may contain inappropriate content (porn, gambling, etc.) as well as malvertising (ads that lure users to download additional malware) that exploit the website's brand and customer loyalty to help hackers expand their malware networks.


Namogoo Technologies is a cyber security company, funded by top-tier VCs, with offices in San Francisco, London, Singapore and Tel Aviv, offering enterprise-grade solutions to protect online publishers from Client-Side Injected Malware (CSIM). 15%-30% of online users are infected with CSIM that they unintentionally download to their computer and devices. Namogoo was founded with the goal of eliminating CSIM at the publisher's website level, blocking unapproved ads, pop-ups, scripts and more. Based on patented machine learning technology, Namogoo detects anomalies for 'zero-day' attacks for both web and mobile devices.

Media inquiries:
Shira Sarid-Hausirer, Namogoo

SOURCE Namogoo