Meta Quest users targeted in Windows app scam — here's what you need to know
Be careful when searching for Meta Quest apps, experts warn
If you’re looking for the Meta Quest app for Windows - be careful, as experts have found a malicious spoof version infecting endpoints with adware and infostealing malware.
Rsearchers from eSentire revealed they recently observed a fake Meta Quest website, at oculus-app[.]com - a site, seemingly identical to the authentic version, which allows visitors to download the app, but bundled with malware.
The site has solid standings on search engines, thanks to different SEO poisoning techniques, the researchers said. As a result, there is a high chance users searching for Meta Quest will end up on the malicious site, instead - as once they download the app and run the installer, they will also get a Windows batch script which fetches a second batch script form the command-and-control (C2) server which ultimately retrieves a final batch file.
Viewing ads
The malware will first check to see if Microsoft’s Edge browser is running, and checks when was the last time a user interacted with the browser. When the endpoint is idle for nine minutes, the script will open new tabs, navigate to certain URLs, scroll up and down the page randomly, and inject clicks. All of this results in ad revenue for the malware’s operators.
Furthermore, the adware, called AdsExhaust, can grab screenshots and simulate keystrokes, it was said.
"The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes," eSentire said. "These functionalities allow it to automatically click through advertisements or redirect the browser to specific URLs, generating revenue for the adware operators."
AdsExhaust is also relatively good at hiding, the researchers concluded. If it spots mouse movements (which means a user is at the computer), it will close the opened browser, and create an overlay to hide its actions.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
"AdsExhaust is an adware threat that cleverly manipulates user interactions and hides its activities to generate unauthorized revenue," the researchers concluded. "It contains multiple techniques, such as retrieving malicious code from the C2 server, simulating keystrokes, capturing screenshots, and creating overlays to remain undetected while engaging in harmful activities."
Via TheHackerNews
More from TechRadar Pro
- These Android apps are nothing but adware, but have been installed over 2 million times already - so uninstall now
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.