Malicious variation of Google Photos in the Microsoft Store

A malicious application called "Album by Google Photos" was found in the Microsoft Store today, claiming to be created by Google. Although it presents itself as part of Google Photos, it is an ad clicker that automatically and repeatedly opens hidden ads.

Quite a few users have already downloaded and used the application, and the reviews that appear in the Microsoft Store make it clear that this is not an innocent application.

Album by Google Photos is a progressive web application that works like Google Photos, but with a built-in ad clicker. While the application runs, the hidden ad clicker loads ads and clicks on them, generating revenue for its developers.

The ad clicker add-on consists of 3 extra files that can be found in the application folder. The file names are 3D.dll, Block Craft 3D.exe and Block Craft 3D.xr.
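A defender can look for these file names on disk. The following is an added example, not code from the original article: it walks a directory tree (the root path is an assumption supplied by the caller) and reports folders where at least two of the three names sit side by side, because a single generic name such as 3D.dll is weak evidence on its own.

```python
import os
import tempfile

# File names taken from the article; compared in lower case because
# Windows file systems are case-insensitive.
INDICATORS = {"3d.dll", "block craft 3d.exe", "block craft 3d.xr"}


def find_clicker_folders(root, min_hits=2):
    """Return {folder: sorted indicator names found} for every folder
    holding at least min_hits of the indicator files together."""
    findings = {}
    # os.walk silently skips directories it cannot list, so protected
    # application folders do not abort the scan.
    for folder, _dirs, files in os.walk(root):
        hits = sorted(name for name in files if name.lower() in INDICATORS)
        if len({h.lower() for h in hits}) >= min_hits:
            findings[folder] = hits
    return findings


def build_sample_tree(base):
    """Constructed sample data: one folder with all three files, one with
    only the generic DLL name, and one clean folder."""
    layout = {
        "AlbumApp": ["3D.dll", "Block Craft 3D.exe", "Block Craft 3D.xr", "app.js"],
        "OtherGame": ["3d.dll", "game.exe"],
        "Clean": ["readme.txt"],
    }
    for folder, names in layout.items():
        path = os.path.join(base, folder)
        os.makedirs(path)
        for name in names:
            with open(os.path.join(path, name), "w"):
                pass  # empty placeholder file
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        results = find_clicker_folders(build_sample_tree(tmp))
        for folder, hits in results.items():
            print(f"{os.path.basename(folder)}: {', '.join(hits)}")
```

A name match is only a lead for further inspection, since file names are trivial for a developer to change.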

When the application is run, the user must log in to their account. The form displayed appears to be Google's official login form, and after checking we did not find that the application is stealing user credentials. However, we would not recommend logging in.

After the user logs in, the application connects to an address and downloads a configuration file containing settings such as how often ads are loaded. Once the application has read the configuration file, the ad clicker starts running. The ads it loads are hidden, so the user cannot see them. This means that when the ads lead to tech support scams, which play sounds and say that the computer is infected, the user can hear the audio but cannot see the page.

It is not yet known how this application passed Microsoft's security controls, but we hope it will be removed as soon as possible.

The author allows this text to be copied only if the source (SecNews.gr) is cited with a live URL to the article.