






Microsoft Store was found to be hosting a malicious app called “Album by Google Photos”, which pretended to be part of Google Photos but was actually an ad clicker that spawns hidden adverts in the Windows 10 operating system.

The application claimed to have been created by Google LLC and carried the description “Finally Photos App as Smart as You”. The reviews for the application are not good, however, and many users have commented that it was a fake application, with comments such as: “Fake, Don’t install Microsoft didn’t bother to remove the application from the Store”.

What was the Application?

The Album for Photos is a Progressive Web Application (PWA) that acts as a front end for Google Photos and has been bundled with an ad clicker. The app runs in the background, continuously clicking ads, which in turn generates revenue for the developers of the application.

The application's components include Craft 3D.dll, Block Craft 3D.exe and Block 3D.xr. The Album from the Google Photos application greets the user with a legitimate login screen.

The application tries to connect to the URL http://11k.online/Ad/constants/9n0wkj6hpz86.json, which serves the configuration file containing the settings and data required to run the advertisements.

What happens after the app was installed?

After reading the configuration file, the application connects to various ad banner URLs and clicks those ads. All the clicks are performed in the background and are not displayed to the user. When testing the ad URLs from the configuration file, the advertisements that were presented were very similar to what we would see from adware. These ads included tech support scams, tons of pages pushing undesired Chrome extensions, fake Java and Flash installers, blogs that are buying traffic, and other low-quality sites.
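For defenders, the configuration fetch and the burst of background requests described above can be hunted for in web proxy logs. The following is an added example, not code from the article or from the app: the log format, the sample lines, the 60-second window and the function names are all assumptions; only the host and path come from the URL quoted above.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Indicator from the article: config served from 11k.online under /Ad/constants/*.json
CONFIG_HOST = "11k.online"
CONFIG_PATH_PREFIX = "/ad/constants/"
WINDOW = timedelta(seconds=60)  # assumption: how long after the fetch to collect requests

# Constructed sample proxy log, "<ISO timestamp> <client> <url>" (format is an assumption)
SAMPLE_LOG = """\
2000-01-01T09:00:01 10.0.0.5 https://photos.google.com/login
2000-01-01T09:00:03 10.0.0.5 http://11K.online./Ad/constants/9n0wkj6hpz86.json
2000-01-01T09:00:05 10.0.0.5 http://ads.example.net/banner?id=1
2000-01-01T09:00:09 10.0.0.5 http://ads.example.org/click?id=2
2000-01-01T09:05:00 10.0.0.5 http://intranet.example.com/home
2000-01-01T09:00:06 10.0.0.7 http://ads.example.net/banner?id=1
2000-01-01T09:00:07 10.0.0.8 http://not11k.online/Ad/constants/x.json
"""

def is_config_fetch(url):
    """True if the URL matches the ad clicker's configuration endpoint."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # already lowercased; drop a trailing dot
    on_domain = host == CONFIG_HOST or host.endswith("." + CONFIG_HOST)
    path = parts.path.lower()
    return on_domain and path.startswith(CONFIG_PATH_PREFIX) and path.endswith(".json")

def parse(log_text):
    """Yield (timestamp, client, url) per well-formed line; skip malformed lines."""
    for line in log_text.splitlines():
        try:
            ts, client, url = line.split(None, 2)
            yield datetime.fromisoformat(ts), client, url.strip()
        except ValueError:  # wrong field count or unparsable timestamp
            continue

def find_ad_clicker_activity(log_text):
    """Map each client that fetched the config to URLs it requested within WINDOW after."""
    fetch_time, followups = {}, {}
    for ts, client, url in sorted(parse(log_text), key=lambda e: e[0]):
        if is_config_fetch(url):
            fetch_time.setdefault(client, ts)   # remember the first fetch only
            followups.setdefault(client, [])
        elif client in fetch_time and ts - fetch_time[client] <= WINDOW:
            followups[client].append(url)       # candidate hidden ad traffic
    return followups

if __name__ == "__main__":
    print(find_ad_clicker_activity(SAMPLE_LOG))
```

Clients that appear in the result fetched the configuration file; the URLs listed against them are the requests to review as possible hidden ad clicks.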

It was never thought that this application could pass Microsoft's review process. We are still waiting for them to comment.