Deceiving domain - dongtaiwang.com

Dongtaiwang.com is a news site aimed at Chinese users. It also pushes a potentially unwanted program, Freegate VPN, which is supposed to let users bypass the strict censorship imposed by the government. The app is available for Windows and Android operating systems.

The VPN changes local DNS and proxy settings to allow otherwise-forbidden connections to the World Wide Web. However, the app from Dongtaiwang.com also acts as a browser hijacker: it changes the settings of Google Chrome, Mozilla Firefox, Safari, Internet Explorer, Opera, or another browser. Users are then often redirected to Dongtaiwang.com and other insecure sites, shown ads on all visited websites, and tracked by cookies inserted into their browsers.

In some cases, Dongtaiwang.com might host links to phishing or scam websites and also promote a trojanized version of the app, which would install Tearspear and Rapidstealer malware on the device. These malware programs are developed for tracking sensitive and personal information, the complete opposite of what a VPN is designed to do.

Name: Dongtaiwang.com
Type: Potentially unwanted program, browser hijacker, Trojan
Prevalence: China
Developer: Dynamic Internet Technology, Inc
Aim: To make users download a VPN program that can allegedly help hide their identity from the Chinese government and allow them to access forbidden sites. However, the app is a browser hijacker that specializes in redirects and ads, and it might also be equipped with Trojan functionality to steal sensitive data from the device
Associated download files: phome.gz, fgp.zip, fg768p.zip, Freegate.exe, FreegateX.exe, DynaPass.exe
AV analysis: 2 engines on VirusTotal recognize the installer from the site as malicious

dongtaiwang.com violations

ACR-109: The URL automatically initiates a download of the zipped file "phome.gz", whose contents are unknown

2CR-015: Is recognized as malicious by two AV vendors on VirusTotal