Dozens of Apps on Microsoft Store Displaying Adult, Gambling Content


On March 14, Symantec’s team discovered more than 80 Potentially Unwanted Applications (PUAs) on the Microsoft Store, some of which display pornographic images and gambling content. While some have been removed, most of these apps are still available to download from the app store. The apps cover a range of different categories such as sports, games, news, tips, etc. They appear to be published by more than 30 different developers. A full list of the 81 apps, as well as their store page links and author names, can be found in the table at the end of this post.

Fake apps
To trick users, the apps use familiar names from some popular brands in their titles, such as Wix Updates Application, Antivirus Avira App, Norton Antivirus Updates App, McAfee Antivirus Updates News, Tinder Dating Updates, Tips and Games, and Grindr Updates. However, these apps have nothing to do with the brands or their original apps. In fact, some of them display content such as pornographic images and advertisements for gambling websites. Other apps merely redirect users to the legitimate website of the brand they are claiming to be related to but they all have the ability to display whatever content they chose at a later date.

Questionable content
All these apps show their unsavory content at start time. At the same time, none of the apps state this behavior in the description section on the app store page. In fact, the apps all display innocuous screenshots provided by the developers, which are totally unrelated to the real functionality of the apps.

Shared server
The team analyzed the samples and found that they all call http://myservicessapps[DOT]com/firebase/[PHP Name]?app=[APP ID] to get the configuration for the current application, where the app can parse the style and specified URL by the “red_ph” value in the configuration. For example, for the app Buy Bitcoin, the app will call http://myservicessapps[DOT]com/firebase/win_new_cl.php?app=2504-buy-bitcoin at app start time to retrieve the configuration, and the “red_ph” value directs the application to behave accordingly. This tactic allows the apps to display whatever content the developers choose, so even the apps that currently redirect to legitimate websites could display dodgy content at a later date.

Potential for more serious risks
Since the app is fully controlled by the server, it is possible for the developer to inject malicious code of their choosing. This could, for example, be coin-mining scripts, allowing the app developers to generate profit from users who have installed their apps. The developers can also display phishing websites in the apps. In fact, some of the apps already show suspicious phishing content that requests credit card information.

Similar file structure
Symantec explored the application packages of all of the apps and found that the content of each looks very similar. This, combined with the fact that they are sharing the same server, makes it highly likely that these applications are published by the same group of developers.

Microsoft was notified about the discovery and said it would investigate. Several of the apps are no longer available on the Microsoft Store, however many are still available for download, and pose a significant risk to users.

Mitigation
Stay protected from malware and other risks by taking these precautions:
• Keep your software up to date
• Do not download apps from unfamiliar sites
• Only install apps from trusted sources
• Install a suitable security app, such as Norton or Symantec Endpoint Protection, to protect your device and data
• Make frequent backups of important data

In addition, the following tips can help you avoid downloading PUAs:
• Check the name of the app you’re thinking of downloading. If it’s a popular app, search online for it and make sure the name matches the results. Fake app authors will often add words to the legitimate app’s name, such as “Updates” which can be a clue something isn’t right.
• Check the app developer’s name, which can be found on the app’s store page. Do an internet search for the developer as there may be users who have had experience of their apps – good or bad.
• Check the app reviews. While fake reviews are common, they’re often short and generic. There may also be legitimate reviews from users who have figured out that the app isn’t what it appears to be.
• There may also be some visual clues that the app is not legitimate, such spelling mistakes or layouts and user interfaces that look unprofessional.

Protection
Symantec and Norton products detect the apps as PUA.Redpher

STILL ACTIVE ON THE STORE:
10Bet – Developer: Podyanou
1x Bet – Developer: Benjamin19191
888 Sport Application – Developer: Cityvesse
AFF Dating Updates App – Developer: Dmimty Developer
ASHLEY MADISSON DATING UPDATES APP – Developer: New Nice Company Dev
BETBOO – Developer: Dev Dmitry Games
BLENDR HOOK UP DATING UPDATES – Developer: Timothy17726
Badoo News and Updates App – Developer: olivervapp
Bet90 – Developer: AllenKevin19929
bet365 sports app – Developer: StephanAppsz
BetVictor Updates – Developer: MinyanRyan
Betclick – Developer: MarkLawles19920
Betfred Sports – Developer: marky18281
Betfred Updates – Developer: Kevilum
Betin Updates – Developer: Torresakin
Casino Metropol Updates – Developer: Dev ACCS dEVELOPER
casino.com – Developer: StephanAppsz
Casitabi – Developer: Dmitry Rey Dev
eSports Betting – Developer: HoangVanLoc
Fafafa gold slots – Developer: ArcadiyDevelop
Fortuna Application – Developer: AllenKevin19929
Gala Bingo Application – Developer: NathanMachan
Global Poker – Developer: Timothy17726
Huuuge Games Application – Developer: NickNelson1199
Lottoland – Developer: ArcadiyDevelop
Monopoly Casino – Developer: Dev Dmitry Games
NordicBet – Developer: DevelopersTeam 2019
Nossaaposta App – Developer: TimothyJack6595
OkCupid App – Developer: waltersteve1818
Open365 – Developer: New Nice Company Dev
Paddy Sports – Developer: Benjamin19191
Parx Casino – Developer: Alexand Develop
Poker-Stars – Developer: Cityvesse
Poker. – Developer: HoangVanLoc
Ratucasino88 Games and News – Developer: TimothyJack6595
Sky Bet Updates Action – Developer: MaddocksSis
Slots. – Developer: waltersteve1818
SportingBet App – Developer: ChrisTimothy188271
Sportium – Developer: Dmitry Rey Dev
Svenskaspel – Developer: MarkLawles19920
Tinder Dating Updates, Tips and Games – Developer: Vladimir Develop
Tombola Bingo App – Developer: EliotChica
Unibet Games and News – Developer: Torresakin
Unique Casino – Developer: marky18281
William Hill Sports Bet – Developer: Liamerlass
Winamax App – Developer: Dev ACCS dEVELOPER
Winline – Developer: DevelopersTeam 2019
Wix Updates Application – Developer: ChrisTimothy188271
YouWin App – Developer: Dmimty Developer

REMOVED FROM STORE:
22Bet – Developer: PeterChrisAppz
888Poker Application – Developer: CharlesDavid91881
Allslots. – Developer: johnsonapps2014
Antivirus Avira App – Developer: ChrisLewis19912
Balkan Bet – Developer: Benji19919
Bet365 Updates App – Developer: CharlesDavid91881
Bets10 App – Developer: Developer System 3D
Bitstamp App – Developer: RonaldHuffapps
Boxing App – Developer: ClintSaunders88181
Buy Bitcoin. – Developer: JohnJonesapp1112
Bwin Scommesse – Developer: mitchelljordan999
CoinMarketCap Application – Developer: RonaldHuffapps
Coinbase Updates – Developer: JohnJonesapp1112
DafaBet App – Developer: Developer System 3D
DrueckGlueck – Developer: donaldgreenleaf1211
Ethereum – Developer: JohnJonesapp1112
Foxy Bingo Games and News App – Developer: leonmat1818
Grand National Updates – Developer: MikeDsouzaApp
Grindr Updates – Developer: RossApps1991
Grosvenor Casino App – Developer: JamesIssue
Huuuge Casino Games Updates – Developer: RossApps1991
Jackpotjoy – Developer: Anthonyturnerapps
Kraken. – Developer: jacobapps2017
McAfee Antivirus Updates News – Developer: Williamswill1212
Moon Bingo App – Developer: leonmat1818
Norton Antivirus Updates App – Developer: Vladimir Develop
Norton Free Antivirus Updates Guide – Developer: TimothyJack18818
OLIMP APPLICATION – Developer: Aaron188271
Regal Wins – Developer: Aaron188271
Roxy Palace – Developer: donaldgreenleaf1211
William Hill Sportbook. – Developer: Ez Developer Co

NOTE: Some titles could not be displayed due to issues displaying foreign language fonts

Source: Symantec.com

Leave a Reply

Your email address will not be published. Required fields are marked *

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑