Album by Google Photos

A new adware app called Album by Google Photos has been discovered on the Microsoft Store. The app is a free progressive web app (PWA) that claims to be part of Google Photos. While it is running, it repeatedly connects to remote hosts and displays ads in the background.

The app's folder contains three files: Block Craft 3D.dll, Block Craft 3D.exe and Block Craft 3D.xr. Once the app is opened, a legitimate Google login page appears. In the background, the app connects to “http://11k.online/Ad/constants/9n0wkj6hpz86.json” and downloads a configuration file that includes settings for how often ads will be displayed, URLs to the ad pages, and more. Once the file is read, the app connects to different “AdBanner” URLs and displays them in the background.

The ads include fake Java and Flash installers, tech support scams, blogs that are buying traffic, pages pushing unwanted Google Chrome extensions, and other low-quality websites. Although Microsoft has been informed about the app, it remains on the Microsoft Store at the time of writing.
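The configuration fetch described above is the one network indicator the article gives, so it is the natural thing to hunt for in web proxy logs. The following is an added example, not code from the original article: the log format, client addresses and timestamps are constructed, and matching any JSON file under the `/Ad/constants/` path (rather than only the one file named) is an assumption.

```python
from urllib.parse import urlsplit

# Indicators taken from the article's configuration URL.
CONFIG_HOST = "11k.online"
CONFIG_PATH_PREFIX = "/ad/constants/"  # compared case-insensitively

# Constructed sample proxy log: "<timestamp> <client IP> <method> <URL>".
SAMPLE_LOG = """\
2024-01-01T09:00:02Z 10.0.0.21 GET http://11k.online/Ad/constants/9n0wkj6hpz86.json
2024-01-01T09:00:05Z 10.0.0.21 GET http://ads.example.net/banner/1
2024-01-01T09:30:02Z 10.0.0.21 GET http://11K.ONLINE/Ad/constants/9n0wkj6hpz86.json
2024-01-01T09:31:10Z 10.0.0.34 GET http://11k.online.example.com/Ad/constants/x.json
2024-01-01T09:40:00Z 10.0.0.35 GET http://11k.online/Ad/constants/9n0wkj6hpz86.json
truncated line
"""

def is_config_fetch(url):
    """True for a JSON request under /Ad/constants/ on the article's host."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False  # unparseable URL, e.g. a broken IPv6 literal
    path = parts.path.lower()
    # Exact host match, so a lookalike such as 11k.online.example.com is ignored.
    return (host == CONFIG_HOST
            and path.startswith(CONFIG_PATH_PREFIX)
            and path.endswith(".json"))

def hunt(log_text):
    """Return {client: {"hits", "first", "last"}} for clients that fetched the config."""
    findings = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated lines
        ts, client, _method, url = fields
        if not is_config_fetch(url):
            continue
        entry = findings.setdefault(client, {"hits": 0, "first": ts, "last": ts})
        entry["hits"] += 1
        # ISO 8601 UTC timestamps sort correctly as strings.
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return findings

if __name__ == "__main__":
    for client, info in sorted(hunt(SAMPLE_LOG).items()):
        print(client, info["hits"], info["first"], info["last"])
```

A client that shows up here is worth checking for the three Block Craft 3D files the article lists.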