When PUPs Grow Fangs: Dragon Boss Solutions' $10 Supply Chain Risk

**Executive Summary:** Huntress analyzed a global adware/PUP campaign by Dragon Boss Solutions LLC where a signed updater mechanism silently delivered a PowerShell AV-killer (ClockRemoval.ps1), used WMI subscriptions and scheduled tasks for persistence, disabled and blocked security products, and relied on an unregistered primary update domain (chromsterabrowser.com) that could allow arbitrary payload distribution; sinkhole telemetry observed 23,565 unique infected hosts across 124 countries, including high-value networks.