Meta Quest users targeted in Windows app scam — here’s what you need to know

Be careful when searching for Meta Quest apps, experts warn

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

If you’re looking for the Meta Quest app for Windows - be careful, as experts have found a malicious spoof version infecting endpoints with adware and infostealingmalware.

Rsearchers from eSentire revealed they recently observed a fake Meta Quest website, atoculus-app[.]com - a site, seemingly identical to the authentic version, which allows visitors to download the app, but bundled with malware.

The site has solid standings on search engines, thanks to differentSEOpoisoning techniques, the researchers said. As a result, there is a high chance users searching for Meta Quest will end up on the malicious site, instead - as once they download the app and run the installer, they will also get a Windows batch script which fetches a second batch script form the command-and-control (C2) server which ultimately retrieves a final batch file.

Viewing ads

Viewing ads

The malware will first check to see ifMicrosoft’s Edge browser is running, and checks when was the last time a user interacted with the browser. When the endpoint is idle for nine minutes, the script will open new tabs, navigate to certain URLs, scroll up and down the page randomly, and inject clicks. All of this results in ad revenue for the malware’s operators.

Furthermore, the adware, called AdsExhaust, can grab screenshots and simulate keystrokes, it was said.

“The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,” eSentire said. “These functionalities allow it to automatically click through advertisements or redirect the browser to specific URLs, generating revenue for the adware operators.”

AdsExhaust is also relatively good at hiding, the researchers concluded. If it spots mouse movements (which means a user is at the computer), it will close the opened browser, and create an overlay to hide its actions.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“AdsExhaust is an adware threat that cleverly manipulates user interactions and hides its activities to generate unauthorized revenue,” the researchers concluded. “It contains multiple techniques, such as retrieving malicious code from the C2 server, simulating keystrokes, capturing screenshots, and creating overlays to remain undetected while engaging in harmful activities.”

ViaTheHackerNews

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Australian Beach Volleyball Tour live stream: How to watch bronze and gold medal matches online for free, finals, start time