
If you’re on the hunt for the Meta Quest app for Windows, tread carefully! Experts have uncovered a sinister doppelgänger spreading adware and info-stealing malware.
Researchers from eSentire recently stumbled upon a fake Meta Quest website at oculus-app[.]com. This nefarious site is a near-perfect clone of the legitimate one, enticing visitors to download a compromised app loaded with malware.
This fraudulent site has managed to secure high rankings on search engines through SEO poisoning techniques. Consequently, there’s a significant risk that users searching for Meta Quest will inadvertently land on this malicious site. Once a visitor downloads the app and runs the installer, the installer launches a Windows batch script that fetches additional scripts from a command-and-control (C2) server, ultimately delivering the final payload.
Ad Frenzy
The malware initially checks if Microsoft’s Edge browser is running and monitors the last user interaction. When the endpoint is idle for nine minutes, the script springs into action: opening new tabs, navigating to specific URLs, randomly scrolling pages, and injecting clicks. This frantic activity generates ad revenue for the malware’s operators.
Sneaky Screenshots and Stealthy Keystrokes
Dubbed AdsExhaust, this adware can take screenshots and simulate keystrokes. “The adware can exfiltrate screenshots from infected devices and interact with browsers using simulated keystrokes,” eSentire noted. “These capabilities allow it to automatically click through ads or redirect the browser to specific URLs, generating revenue for the operators.”
AdsExhaust is adept at staying hidden. If it detects mouse movements, indicating that a user is present, it swiftly closes the opened browser and creates an overlay to conceal its actions.
“AdsExhaust is an adware threat that cleverly manipulates user interactions and hides its activities to generate unauthorized revenue,” the researchers concluded. “It employs various techniques, such as retrieving malicious code from the C2 server, simulating keystrokes, capturing screenshots, and creating overlays to remain undetected while engaging in harmful activities.”
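The behaviour described above (browser activity that starts only after nine minutes without user input, and a browser that closes as soon as the user returns) can be expressed as a telemetry heuristic. The following Python is an added example, not eSentire's code or part of the original article; the event format, the five-second close window and the sample events are constructed assumptions.

```python
# Added example: idle-time ad-burst heuristic over constructed telemetry.
IDLE_THRESHOLD = 9 * 60   # seconds idle before activity starts (from the article)
CLOSE_WINDOW = 5          # assumption: seconds between user input and browser close

# Constructed sample events: (epoch_seconds, kind, detail).
# kind is "input" (real mouse/keyboard), "nav" (browser tab/URL load), or "close".
SAMPLE_EVENTS = [
    (0,    "input", "keyboard"),
    (30,   "nav",   "https://news.example/"),       # user-driven browsing
    (45,   "input", "mouse"),
    (600,  "nav",   "https://ads.example/a"),       # 555 s after last input
    (604,  "nav",   "https://ads.example/b"),
    (611,  "nav",   "https://ads.example/c"),
    (900,  "input", "mouse"),                       # user returns
    (901,  "close", "msedge.exe"),                  # browser closed right away
    (960,  "nav",   "https://mail.example/"),       # normal use resumes
]

def find_idle_bursts(events, idle_threshold=IDLE_THRESHOLD, close_window=CLOSE_WINDOW):
    """Return bursts of browser navigation that began while the user was idle."""
    bursts, current, last_input, pending = [], None, None, None
    for ts, kind, detail in sorted(events):
        if kind == "input":
            if current is not None:
                pending, current = current, None   # burst ended by user input
                pending["ended_by_input_at"] = ts
                bursts.append(pending)
            last_input = ts
        elif kind == "nav":
            if current is not None:
                current["urls"].append(detail)
            elif last_input is not None and ts - last_input >= idle_threshold:
                current = {"start": ts, "urls": [detail], "closed_on_return": False}
        elif kind == "close" and pending is not None:
            if ts - pending["ended_by_input_at"] <= close_window:
                pending["closed_on_return"] = True
            pending = None
    if current is not None:
        bursts.append(current)   # burst still running at end of log
    return bursts

def suspicious(bursts, min_navs=2):
    """Keep bursts with several navigations that closed when the user came back."""
    return [b for b in bursts if len(b["urls"]) >= min_navs and b["closed_on_return"]]

if __name__ == "__main__":
    for b in suspicious(find_idle_bursts(SAMPLE_EVENTS)):
        print(b["start"], len(b["urls"]), b["urls"])
```

In practice the three event kinds would be derived from whatever endpoint telemetry is available, and the thresholds tuned against normal behaviour such as scheduled browser tasks.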
So, if you’re downloading the Meta Quest app, make sure you’re on the right site—because a nasty surprise might be just a click away!