AdsExhaust Adware Spread through Phony Oculus Installer on Google Search

Cybersecurity experts at eSentire have come across a devious new adware known as AdsExhaust, which cleverly masquerades as a legitimate Oculus installer, deceiving unsuspecting users into downloading it.

Oculus, a brand of virtual reality (VR) hardware and software developed by Oculus VR, a subsidiary of Meta Platforms (formerly Facebook Inc.), is the brand impersonated by this adware. The researchers at eSentire’s Threat Response Unit disclosed their findings to Hackread.com, revealing that the adware was first detected in June 2024, circulating through a counterfeit Oculus installer application.

The infection begins when a user searches for the Oculus application on a search engine, specifically Google in this case, and lands on malicious websites distributing AdsExhaust. After downloading and installing the fake Oculus software, users do not get the authentic Oculus application; they unwittingly install AdsExhaust on their devices.

Upon installation, AdsExhaust begins to steal user data and inundate users with unwanted advertisements, causing annoyance and potentially jeopardizing their privacy while generating illicit revenue. Additionally, this adware can capture screenshots from infected devices and engage with browsers through simulated keystrokes, a unique and perilous feature.

Automatically clicking through advertisements or redirecting the browser to specific URLs generates revenue for the adware's operators. AdsExhaust also employs tactics such as retrieving malicious code, taking screenshots, and creating overlays to evade detection, making traditional detection methods less effective.

AdsExhaust can also shut down its browser activity when it detects the user interacting with the mouse. When the Edge browser is running, it searches for the word “Sponsored” and interacts with it, generating fake clicks on sponsored ads to boost ad revenue. Such activity can consume system resources, resulting in sluggish device performance.

In response to the threat posed by AdsExhaust, eSentire’s 24/7 SOC Cyber Analysts swiftly contained the host to mitigate the risk and alerted the affected customer. To safeguard against AdsExhaust and similar threats, users are urged to download software only from official sources, be wary of counterfeit applications, utilize trustworthy antivirus and anti-malware solutions, and stay informed about the latest cybersecurity risks.

It is crucial to rely on official websites or reputable app stores and carefully scrutinize file names and developer information before installing any software to mitigate the risk of falling victim to adware attacks like AdsExhaust.

In conclusion, vigilance and caution are paramount when navigating the digital landscape to protect oneself from evolving threats like AdsExhaust. Stay informed, stay protected, and stay cyber-aware in the ever-changing realm of cybersecurity.
