Malicious variation of Google Photos in the Microsoft Store

A malicious application called "Album by Google Photos" was found in the Microsoft Store today, pretending to be created by Google. Although it presents itself as part of Google Photos, it is actually an ad clicker that automatically and repeatedly opens hidden ads.

Quite a few users have already downloaded and used the application, and the reviews in the Microsoft Store make it clear that this is not an innocent application.

Album by Google Photos is a progressive web application that works like Google Photos, but with a built-in ad clicker. As the application runs, the hidden ad clicker loads ads and clicks on them, generating revenue for its developers.

The ad clicker add-on consists of 3 extra files that can be found in the application folder. The file names are 3D.dll, Block Craft 3D.exe and Block Craft 3D.xr.
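A defender-side check built on the file names listed above, as an added example that is not from the original article. The scan root, the `min_hits` threshold and the sample folder tree are assumptions constructed for illustration.

```python
import os
import tempfile

# File names the article lists for the ad-clicker component (as written on the page).
INDICATOR_NAMES = {"3d.dll", "block craft 3d.exe", "block craft 3d.xr"}


def find_adclicker_folders(root, min_hits=2):
    """Return {folder: sorted matching file names} for folders under root
    that hold at least min_hits of the indicator files.

    Matching is case-insensitive because Windows file names are.
    Requiring more than one hit avoids flagging a folder over a single
    generically named file such as 3D.dll.
    """
    findings = {}
    # onerror skips directories that cannot be read instead of aborting the scan
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        hits = sorted(f for f in files if f.lower() in INDICATOR_NAMES)
        if len(hits) >= min_hits:
            findings[folder] = hits
    return findings


def build_sample_tree(base):
    """Constructed sample layout: one folder with all three files, one clean folder."""
    bad = os.path.join(base, "SamplePackage_1.0_x64", "app")
    clean = os.path.join(base, "OtherPackage_2.0_x64")
    os.makedirs(bad)
    os.makedirs(clean)
    for name in ("3D.dll", "Block Craft 3D.exe", "Block Craft 3D.xr", "index.html"):
        open(os.path.join(bad, name), "w").close()
    for name in ("3D.dll", "main.js"):  # single generic hit: below the threshold
        open(os.path.join(clean, name), "w").close()
    return bad, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, hits in find_adclicker_folders(tmp).items():
            print(folder, "->", ", ".join(hits))
```

To check a real machine or a mounted disk image, pass the folder that holds the installed application packages as `root`.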

When the application is run, the user must log in to their account. The form displayed appears to be Google's official form, and after checking we did not find that the application is stealing user credentials. However, we would not recommend logging in.

After the user logs in, the application connects to an address and downloads a configuration file containing settings such as how often ads are loaded. Once the application has read the configuration file, the ad clicker starts running. The ads are loaded hidden, so the user cannot see them. This means that when an ad leads to a tech support scam page that plays sounds and says that the computer is infected, the user can hear it but cannot see the page.

It is not yet known how this application passed Microsoft's security controls, but we hope it will be removed as soon as possible.

The author allows you to copy this text only if you credit the source (SecNews.gr) with a live URL to the article.