Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well.
PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.
According to Malwarebytes and many other reputable online security websites, Crossrider was hiding malware in software bundlers, which would then infect the user’s computer with “adware or other monetizing methods”.
While some may dismiss this as old “history”, recent articles from 2018 illustrate how Crossrider malware is still deceiving users and infecting computers with fake Adobe Flash updates:
With such a troubling history, it appears that the parent company attempted to distance itself from its own past. In 2018, Crossrider decided to change its name to Kape Technologies.
As the CEO admitted here, the name change was an attempt to distance Kape from shady “past activities”:
The decision to rename the company, explains Erlichman was due to the strong association to the past activities of the company as well as the need to enhance the consumer facing brand for the business.
CyberGhost even hinted at this ironic conflict of interest in their blog post:
While CyberGhost focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products. Quite the opposite of what we did.
Reading through the Terms and Conditions, I did find this excerpt:
You understand that CyberGhost undertakes no responsibility for your actions. In case of statutory violations by the user, Crossrider may cooperate with public or private authorities at its sole discretion as provided by law.
This is “lawyer speak” for saying that the parent company can and will cooperate with third parties when it deems necessary.
So yeah, Shady as hell parent company, based purely on them now owning PIA, i would not trust PIA to keep your data safe