Cybersecurity researchers at eSentire have uncovered a sneaky new adware dubbed AdsExhaust, which cleverly disguises itself as a legitimate Oculus installer, tricking unsuspecting users into downloading it.
For your information, Oculus is a brand of virtual reality (VR) hardware and software products developed and produced by Oculus VR, a division of Meta Platforms (formerly Facebook Inc.
According to eSentire Threat Response Unit’s research, shared with Hackread.com, the malicious adware was found in June 2024, being distributed through a fake Oculus installer application.
The infection begins when a user searches for the Oculus application on a search engine (In this case, the search engine was Google), and stumbles upon malicious websites distributing AdsExhaust. Upon download and installation, instead of getting the desired Oculus software, users unknowingly unleash AdsExhaust onto their devices.
The user receives a ZIP archive with a batch script named “oculus-app.EXE” that retrieves an additional script and creates a backup.bat file. Three tasks are created to run the batch files at different times, and the legitimate Oculus application is downloaded from the browser.
Once installed, AdsExhaust steals user information and bombards unsuspecting users with unwanted advertisements, causing frustration and potentially compromising their privacy while generating unauthorized revenue. It can extract screenshots from infected devices and interact with browsers “using simulated keystrokes,” which is something that makes it unique and more dangerous.
“These functionalities allow it to automatically click through advertisements or redirect the browser to specific URLs, generating revenue for the adware operators,” researchers noted in their blog post.
Apart from simulating keystrokes, it retrieves malicious code and captures screenshots. Another interesting tactic it uses is creating overlays to remain undetected. AdsExhaust can also be programmed to shut down its browser activity if it detects user interaction with the mouse. This makes traditional detection methods less effective.
Moreover, if the Edge browser is running, it searches for the word “Sponsored” and attempts to interact with it to further increase ad revenue through fake clicks on sponsored ads. These activities can consume system resources, leading to sluggish device performance.
eSentire’s 24/7 SOC Cyber Analysts promptly isolated the host to contain the threat and informed the customer.
To protect yourself from AdsExhaust and similar threats, download software from official sources, be cautious of mimics, use reliable antivirus and anti-malware solutions, and stay informed about the latest cybersecurity threats. Always rely on official websites or trusted app stores, and pay close attention to downloaded file names and developer information before installing any software.
RELATED TOPICS
- How to hack a Facebook account with Oculus Integration
- Linked Oculus Accounts Trigger Facebook, Instagram Suspension
- Hackers manipulating Google searches to spread nasty Mac malware
- Victoria VR Becomes 1st Virtual Reality Developer to Integrate OpenAI
- Ad-blocker Chrome extension AllBlock injected ads in Google searches