https://it.slashdot.org/story/18/03/09/1728209/downloads-of-popular-apps-were-silently-swapped-for-spyware-in-turkey-citizen-lab
It is SOP in many Middle East countries for the gov. to intercept Internet communications. I know Saudi Arabia does it. This is the first I have heard of Turkey doing it. But the guy in charge is getting increasingly dictatorial. Much, much more detail on Middle East deep packet inspection using Sandvine here: https://citizenlab.ca/2018/03/bad-t...vices-deploy-government-spyware-turkey-syria/
State-sponsored hacking is one good reason to use the Microsoft Store for your apps https://mspoweruser.com/state-spons...son-to-use-the-microsoft-store-for-your-apps/
Except in the case where Win 10 S was hacked in 3 hours after its introduction: https://fossbytes.com/windows-10-s-hacked-3-hours-macros/
Internet Provider Redirects Users in Turkey to Spyware: Report https://www.securityweek.com/internet-provider-redirects-users-turkey-spyware-report
But downloading apps from the MS Store is probably secure (downloads from the MS Store are probably signed, I guess). I hate to say it, but Windows S is probably protected against this particular attack. It would be interesting to know whether Chocolatey (a third-party package manager for Windows) is also properly protected by signed hashes. Packages for major GNU/Linux distributions are also checked as signed by the distribution's developer team, so they are also protected against this specific attack, at least if somebody is using only packages from the official repository. It is usually not enforced, but users are strongly urged to use only the official repository for downloading packages.
I didn't completely understand. Did they get redirected to a fake download site, or did they click on legit download links and then get redirected to malware bundled with legit apps? Scary stuff, and it also shows why it's important to even monitor trusted apps during install. It would be interesting to know if the malware did operate as child processes of Avast and CCleaner.
That's too technical for me. But if I understood correctly, you will invisibly get directed to malware-infested versions.
Burned malware returns, according to Cylance: is Hacking Team responsible? October 23, 2018 https://www.cso.com.au/article/6486...says-cylance-report-hacking-team-responsible/