AdsExhaust, a Newly Discovered Adware Masquerading Oculus…
June 24, 2024, 4:52 p.m.
Description
In June 2024, the eSentire Threat Response Unit (TRU) identified adware, which we have dubbed AdsExhaust, being distributed through a fake Oculus installer application. The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes.
Date
Published: June 24, 2024, 4:35 p.m.
Created: June 24, 2024, 4:35 p.m.
Modified: June 24, 2024, 4:52 p.m.
Indicators
life2vec.io
oculus-app.com
Attack Patterns
TA0011
T1566
T1059