Proxyware Being Distributed Through Ad Pages
Essential information
- Published: 21/01/2025 18:16
- Modified: 21/01/2025 18:48
- Tags: 2025-01-21, adware, autoclicker, digitalpulse, downloader, javascript, lummac2, powershell, proxyware
- Related entities: 3 observables, 7 techniques (MITRE), 3 malware
Description
Security researchers have confirmed that proxyware is being installed on systems without authorization through advertisement pages on freeware sites. The proxyware, identified as DigitalPulse, lets threat actors share a portion of the infected system's Internet bandwidth for financial gain without the user's consent. The campaign uses a downloader disguised as an auto-clicker program that employs various anti-analysis techniques. Through a series of PowerShell and JavaScript routines, the downloader ultimately installs the DigitalPulse proxyware, which is signed with a Netlink Connect certificate. Users are advised to exercise caution when installing executable files from untrusted sources to prevent such infections.