Avoid downloading untrustworthy content promoted by s3.amazonaws.com

What is s3.amazonaws[.]com?

The s3.amazonaws[.]com website has been identified as proliferating a variety of unwanted and malicious content. It is hosted by Amazon AWS (Amazon Web Services), a legitimate service intended to provide various IT-related resources/functionalities, however, it is commonly misused by cyber criminals to host malicious sites.

These web pages are then used to spread Potentially Unwanted Applications (PUAs) such as fake system cleaners/optimizers, adware, and browser hijackers, and also malware including ransomware, trojans, etc. This website generates redirects to various other rogue web pages.

One researched variant of s3.amazonaws[.]com operates by promoting a fake Adobe Flash Player updater, which in turn can be used to infiltrate systems with the aforementioned content. People often enter s3.amazonaws[.]com unintentionally when they are redirected by intrusive advertisements or PUAs already infiltrated into the device.

The researched variant of s3.amazonaws[.]com displays a pop-up window, which claims that the latest updates to Flash Player are ready to install. Users are urged to click "OK" to download the updates. The background reiterates that updates are ready for installation. It emphasises that the latest version must be installed for optimal performance.

For example, to enable video and audio media and to play online games. Clicking any of the consent options will download the fraudulent updates. Installing them will not update Adobe Flash Player - instead, it will allow untrustworthy/malicious content onto the system.

Fake software updaters are known to be used for PUA and malware proliferation. Trusting sites making similar claims and/or installing third party updaters is likely to lead to system infiltration and infections, and endanger user safety.

PUAs are one of the main causes of redirects to scam web pages. These apps can generate redirects to sale-based, untrustworthy, rogue, deceptive and malicious sites. They can also run intrusive advertisement campaigns. I.e., deliver unwanted, harmful ads that can diminish the browsing experience.

The ads can cause redirects to likewise dangerous sites and stealthily download/install unwanted content. Other PUAs hijack browsers by making unauthorized changes, limiting/denying access to their settings and promoting fake search engines. Rogue system cleaners/optimizers are yet another type of unwanted application.

These apps require activation to become operational (i.e., they require purchase to work), however, despite being activated, they remain nonoperational.

Regardless of their specifications, most PUAs have data tracking capabilities, which they use to monitor browsing activity (browsing and search engine histories) and gather users' personal information (IP addresses, geolocations and other details). This private data is typically shared with third parties (often, cyber criminals) seeking to misuse it for profit.

In summary, PUAs generate revenue for the developers and can cause system infiltration/infections, lead to serious privacy issues, financial loss and even identity theft. To ensure device and user safety, remove all suspicious applications and browser extensions/plug-ins immediately upon detection.

Threat Summary:

Name	s3.amazonaws.com redirect virus
Threat Type	Phishing, Scam, Mac malware, Mac virus.
Fake Claim	Scam claims visitors need to install the latest version of Flash Player.
Detection Names (fake updater)	Avast (MacOS:Bundlore-CJ [Adw]), BitDefender (Adware.MAC.Bundlore.DXI), ClamAV (Unix.Malware.Agent-7425891-0), Kaspersky (Not-a-virus:HEUR:AdWare.OSX.Bnodlero.x), Full List (VirusTotal)
Promoted Unwanted Application	Scam promotes a fake software updater.
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

bambootornado.pw, yourfine4upgradefree.best, and mainsiteofupgradenow.best are some examples of similar scams. These websites claim that visitors' Flash Players are outdated, but this simply a scam model. Deceptive web pages can make fraudulent claims about threats/issues on the device, offer 'amazing' deals, bogus prizes, and so on.

These methods are social engineering and scare tactics. These schemes are used to encourage users into downloading and installing untrustworthy/malicious content, purchasing dubious/nonoperational products, making expensive calls, paying for bogus services, revealing personal and sensitive information (e.g. banking credentials), and for many other purposes.

The underlying goal of these scams is to generate profit for their designers.

How did potentially unwanted applications install on my computer?

PUAs usually infiltrate devices without permission and downloaded/installed together with other products. This deceptive marketing technique of pre-packing regular software with unwanted or malicious content is called "bundling".

Rushing download/installation processes (e.g. ignoring terms, skipping steps, etc.) increases the risk of inadvertently allowing bundled applications onto systems. Some of these applications have "official" download pages, which are often promoted by deceptive/scam websites. When clicked, intrusive advertisements can execute scripts to stealthily download/install PUAs.

How to avoid installation of potentially unwanted applications

Content should be researched carefully prior to being downloaded/installed. Use only official and verified download sources. P2P sharing networks (BitTorrent, Gnutella, eMule, etc.), free file-hosting sites and other third party downloaders are untrustworthy and should be avoided.

Products should be updated using functions/tools provided by legitimate developers, and not obtained from third parties. Treat download/Installation processes with caution. Read the terms, explore all available options, use the "Custom/Advanced" settings and decline any offers to download/install supplementary apps, tools, features and so on.

Intrusive ads typically seem normal and harmless, however, they can redirect to dubious web pages (e.g. gambling, pornography, adult-dating and others).

If you experience ads/redirects of this kind, inspect the device and remove all suspect applications and/or browser extensions/plug-ins without delay. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the pop-up window:

The Latest Version of Flash Player is Ready to Install.
Click ok to Download.

Text presented in the background of the web page:

Your Flash Player is ready to install
Run all your video, audio and games online
Update the latest version for optimal performance
Install

Appearance of the scam hosted on s3.amazonaws[.]com (GIF):

Screenshot of the fake Flash Player updater installation setup:

Another scam website hosted using s3.amazonaws.com service:

Text presented within this site:

Update Required

 

Update the latest version of Flash Player for Optimal Performance.

UPDATE NOW

Appearance of this site (GIF):

Another pop-up scam promoted using Amazon AWS service:

Text presented within this site:

Software Update

New update is available for your computer.

Your OS might need Flash Player for HD Support.
Please update your Flash Player to continue.

Install Name Version Size
V Media Player Mac OS X 0.6M

Note: The version of your player on your system downs not include the latest updates.
To continue, download an updated version.

Installing takes under a minute - No restart is required.

Installer promoted via this scam page:

Yet another pop-up scam promoted using Amazon AWS service:

Text presented within this page:

Flash Player update is available for your computer
Older versions of Flash Player are vulnerable to online threats, you'll want to make sure you're always using the most recent version. If you're not running the most recent version, you might see an error message instead of your content.

Flash Player supports several data formats, including XML, JSON, AMF, and SWF. Multimedia formats supported by the Flash Player include mp3, FLV, PNG, JPEG, GIF, and RTMP, among others.

Version Update: The newest version of Flash Player enables greater security and privacy controls with protected HTTPS Dynamic Streaming (HDS). Other features include webcam support, accelerated graphics rendering, multithread video decoding, and improved software for high-end performance.

Update Now
Terms and Conditions Privacy Policy

Screenshot of a deceptive installer promoted via this scam:

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "s3.amazonaws[.]com"?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion