Riskware/OpenCandy

Analysis


Riskware/OpenCandy is a generic detection for a type of grayware that downloads and installs other potentially unwanted software. Because this is a generic detection, files detected as Riskware/OpenCandy may vary in the unwanted software they try to download. One of the applications that we have seen it download is The Weather Channel.

  • It performs a DNS query for the following name:
    • api.opencandy.com

  • Below is a screenshot of the network traffic generated by this installer:

    • Figure 1: DNS query.
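The DNS name above is the network indicator a defender can alert on. The following is an added example, not code from Fortinet or from this page, that scans constructed resolver log lines in an assumed "<timestamp> <client-ip> query <name> <type>" format and flags exact matches for api.opencandy.com, normalising case and the trailing root dot while not matching look-alike names that merely contain the indicator:

```python
import re

# Indicator named in the analysis above.
INDICATOR = "api.opencandy.com"

# Constructed sample resolver log (not real telemetry). Line format is assumed:
# "<timestamp> <client-ip> query <queried-name> <record-type>"
SAMPLE_DNS_LOG = """\
2024-03-27T10:00:01Z 10.0.0.15 query api.opencandy.com. A
2024-03-27T10:00:02Z 10.0.0.15 query www.example.com A
2024-03-27T10:00:03Z 10.0.0.22 query API.OpenCandy.COM A
2024-03-27T10:00:04Z 10.0.0.30 query notapi.opencandy.com A
2024-03-27T10:00:05Z 10.0.0.22 query api.opencandy.com AAAA
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<name>\S+)\s+(?P<qtype>\S+)\s*$"
)


def normalize_name(name: str) -> str:
    """Lower-case and strip the trailing root dot so 'API.OpenCandy.COM.' equals 'api.opencandy.com'."""
    return name.rstrip(".").lower()


def parse_line(line: str):
    """Return a dict of fields for a well-formed line, or None for anything that does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_indicator_hits(log_text: str, indicator: str = INDICATOR) -> list:
    """Return parsed records whose queried name equals the indicator exactly.

    Exact comparison (not substring search) avoids flagging look-alike names such as
    'notapi.opencandy.com' that merely contain the indicator.
    """
    wanted = normalize_name(indicator)
    return [
        rec for rec in map(parse_line, log_text.splitlines())
        if rec is not None and normalize_name(rec["name"]) == wanted
    ]


def clients_to_review(log_text: str, indicator: str = INDICATOR) -> list:
    """Distinct client IPs that queried the indicator, sorted, for follow-up triage."""
    return sorted({rec["client"] for rec in find_indicator_hits(log_text, indicator)})


if __name__ == "__main__":
    for rec in find_indicator_hits(SAMPLE_DNS_LOG):
        print(f"{rec['ts']} {rec['client']} -> {rec['name']} ({rec['qtype']})")
    print("clients to review:", clients_to_review(SAMPLE_DNS_LOG))
```

Hosts returned by clients_to_review are the ones to check for the installer and, per the recommended action below, to scan with a current AV database.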

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

  • FortiGate (Extended)
  • FortiClient
  • FortiMail
  • FortiSandbox
  • FortiWeb (Web Application Firewall)
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR

Version Updates

Date Version Detail
2024-03-28 92.02847
2024-03-27 92.02844
2024-03-27 92.02836
2024-03-27 92.02831
2024-03-27 92.02821
2024-03-27 92.02816
2024-03-26 92.02815
2024-03-26 92.02812
2024-03-26 92.02811
2024-03-26 92.02810