Riskware/OpenCandy

Analysis


Riskware/OpenCandy is a generic detection for a family of grayware that downloads and installs other potentially unwanted software. Because this is a generic detection, the unwanted software that files detected as Riskware/OpenCandy try to download varies from sample to sample. One of the applications we have observed it download is The Weather Channel.

  • The installer performs a DNS query for the following name:
    • api.opencandy.com

  • The installer's network traffic, captured during analysis, is shown in the screenshot below:

    • Figure 1: DNS query for api.opencandy.com.
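The only network indicator this page gives is the DNS query for api.opencandy.com. The following is an added example (not Fortinet's code and not part of this encyclopedia entry) that shows how a practitioner would turn that indicator into a check over raw DNS traffic: it parses the header and question section of a DNS message, decodes the QNAME labels (including RFC 1035 compression pointers), and matches the result against an indicator list. It generalizes slightly beyond the page by also flagging subdomains of the indicator domain; that generalization, the helper names, and the test packets built by `build_dns_query` are all assumptions of this example, not facts from the analysis.

```python
from __future__ import annotations

import struct

# Indicator taken from the analysis above. Subdomain matching is an
# assumption of this example, not something the page states.
INDICATOR_DOMAINS = {"api.opencandy.com"}


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A/IN query for *name* (constructed test input only)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    qname += b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_qname(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a DNS name at *offset*; returns (name, offset after the name).

    Handles RFC 1035 compression pointers and rejects pointer loops and
    truncated messages so that a malformed packet cannot hang the parser.
    """
    labels: list[str] = []
    jumped = False
    end = offset
    hops = 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the name ends after the first pointer
            jumped = True
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:  # root label terminates the name
            if not jumped:
                end = offset
            break
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels).lower(), end


def dns_query_names(msg: bytes) -> list[str]:
    """Return every QNAME in the question section of a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _txid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    names = []
    offset = 12
    for _ in range(qdcount):
        name, offset = parse_qname(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
        names.append(name)
    return names


def matches_indicator(name: str, indicators=INDICATOR_DOMAINS) -> bool:
    """True if *name* equals an indicator domain or is one of its subdomains."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in indicators)


def flag_packet(msg: bytes) -> list[str]:
    """Return the queried names in *msg* that hit the indicator list."""
    return [n for n in dns_query_names(msg) if matches_indicator(n)]


if __name__ == "__main__":
    # Constructed sample traffic: one query matching the indicator, one benign.
    for pkt in (build_dns_query("api.opencandy.com"), build_dns_query("www.example.com")):
        print(dns_query_names(pkt), "->", flag_packet(pkt))
```

The name comparison is case-insensitive and ignores a trailing dot, because DNS names are case-insensitive and resolvers differ in whether they present the fully-qualified form; a match on the exact host plus its subdomains avoids the false positive of `notapi.opencandy.com` that a naive `endswith("api.opencandy.com")` would produce.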

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine or delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

  • FortiGate: Extended
  • FortiClient
  • FortiMail
  • FortiSandbox
  • FortiWeb
  • Web Application Firewall
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR

Version Updates

Date Version Detail
2023-12-04 91.09411
2023-12-04 91.09406
2023-12-03 91.09392
2023-11-30 91.09310
2023-11-30 91.09282
2023-11-29 91.09275
2023-11-29 91.09265
2023-11-28 91.09250
2023-11-28 91.09236
2023-11-28 91.09235