Today > vulnerabilities   -   You can now download lists of IOCs here!

AdsExhaust, a Newly Discovered Adware MasqueradingOculus…

June 24, 2024, 4:52 p.m.

Description

In June 2024, the eSentire Threat Response Unit (TRU) identified adware, which we have dubbed AdsExhaust, being distributed through a fake Oculus installer application. The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes.

Date

Published: June 24, 2024, 4:35 p.m.

Created: June 24, 2024, 4:35 p.m.

Modified: June 24, 2024, 4:52 p.m.

Indicators

f2f850b85a72fa3bbf7ca45cd29e25439f04ba1955bc404ca0a4311b54395f61

dbec6c1be971c1cca4e98e73e3fa0db1a032813614f308bdc52c18c41c6675b8

c4a1cd46c8d2ebfc08e4af584a64fee54f73020e0f2dc84dc20c1b195a954519

962024ea6f85ca97adbd7ec55686579185f1cb5ce7dd7e722edd2a91d6872e91

95133896517b80620f4c81af332d258da5b7d50413b30eac1cf3808e511210a1

84af73ad559d67741eeba4b7b0b286a223bb5137d8edae11673d37a4c068c62e

79e8beff1589349e078b88496c469a84ccaeb00e176bdf39dc14811bb4c1a8c7

7c97c864aceff6ad7df548882a57165655c72f682313f3c59c5d8be37cea24fc

70364ea952ea4e7d60bbe0e87f288528f22e2f780179ac36ee101e1b335ea622

6dccb5e247c3117cb12b5f411d29b2c4bfa1f0230cd2b43bd4497671bb0f7f82

52c81cc2729ee702ed3803bbb94213a42fe4632f61abd4300ba8157f512be1df

351fa3e33d607ff77548ba6422ac0a5264fb3e847e65996d3ef4faefc2a738c5

1818a0062898b94dfccada9127d7d6af44bf663cb298759bef4447c43798e082

30b32288db0cde0156fe1e43db15b87ee71d14f2e9610180f27886e1ef20f9f1

04c74048c5be59ceb2e35d5538b72f3328a268953dfbe1f287285f1dbb7e1dfa

life2vec.io

oculus-app.com

Attack Patterns

TA0011

T1566

T1059