
How was this Windows Store app able to download adware to a Windows 10 PC?


Batu69


Apps from the Windows Store run in a highly restricted sandbox and have to be approved before they can be listed. So why was this app able to automatically download an executable file that multiple virus scanners identified as potentially dangerous?

 

One of the biggest selling points of the Windows Store is its promise of safety. Apps have to be approved to make it into the store, and the sandbox in which apps run should prevent them from causing any damage or installing malware or unwanted software.

 

That doesn't mean developers can't try shady tricks. But their options are extremely limited, which is why I was surprised to find an app in the Windows Store last week that actually succeeded in downloading adware to a Windows 10 PC.

 

An unsophisticated user might have been fooled into going one step further and running that software, resulting in the installation of an annoying piece of adware and potentially much worse.

 

I had used the app, a bare-bones BitTorrent client called Torrenty, on a different PC several months ago but hadn't tried it recently. After installing the current version from the Store, I was surprised to see this curious message at startup:

 

[Screenshot: Clicking that official-looking update button immediately begins an untrusted download]

 

That "1 Update(s) Pending" message doesn't look like an ad; it appears to be part of the user interface. Clicking that button opened a web page that immediately tried to download a program called Setup.exe.

 

With Microsoft Edge set as the default browser, the software downloaded in a matter of seconds, with a Run button appearing at the bottom of the browser window.

 

[Screenshot: Both Microsoft Edge and Google Chrome allowed a potentially dangerous download]

 

Google Chrome downloaded a variant of the Setup file without complaint, leaving it in the Downloads folder with a shortcut at the bottom of the Chrome window, ready to run.

 

With Firefox set as the default browser, that web page led to a different destination:

 

[Screenshot: Mozilla Firefox (using Google's Safe Browsing service) blocked the download]

 

That Setup program could have installed anything, including ransomware or a password-stealing keylogger. As it turned out, the threat was relatively mild: a free BitTorrent client called BitLord (a Windows desktop program) wrapped in an adware downloader.

 

A Virustotal analysis found that 24 of 56 antivirus scanners detected the file as a potentially unwanted program or adware, with several specifically calling out the offender, Download Assistant.

 

The unwanted software that it tried to install is a cross-platform (OS X and Windows) browser add-in, PremierOpinion, which reportedly delivers pop-up surveys and places unwanted ads in the browsers it's attached to. When you search for that product name in Google, the first three results are instructions for removing the software.

 

Google's Safe Browsing service offers this Site Status report for ezsoftdownloads.com, which includes a blood-red exclamation point icon, followed by the word Dangerous, also in blood-red type. The description matter-of-factly reports that the site "send visitors to dangerous websites" and that "some pages on this website install malware on visitors' computers."

 

If you try to visit ezsoftdownloads.com in a web browser, you'll get nowhere. The domain appears to be set up exclusively to host shady downloads.

The Safe Browsing report also notes, "Dangerous websites have been sending visitors to this website, including backbacon.co." That was the destination of the original URL called from the Windows Store app. The Backbacon home page merely says it's a "web service," with no additional details and only an email link "for more information."

 

Ironically, Firefox was able to use Google's Safe Browsing service to block the dangerous site, but the URL in the Windows Store app included a custom link for Chrome, which allowed the adware to avoid detection.

 

This is, of course, depressingly familiar behavior for random web searches, where this category of misleading software routinely shows up in search results.

But it's not supposed to happen from a sandboxed and supposedly screened app from the Windows Store.

 

I reported the app to a contact at Microsoft and it was removed from the Windows Store almost immediately. Its listing page is still in place, for now, with almost 2400 reviews giving the app high marks overall.

 

I've asked Microsoft for comment on how this app was able to get away with this behavior and whether other apps are capable of the same malicious action. I'll update the post when I hear back.

 

Article source

straycat19
30 minutes ago, Batu69 said:

with almost 2400 reviews giving the app high marks overall.

 

And people don't understand why I don't trust user reviews on any site.  Here are 2400 certified, in their own words, as fucking idiots. So much for Windows 10 and safety which just proves that Microsoft isn't checking the apps they allow in their store either.  If this one got thru then how many more are just sitting there waiting for someone who drank the kool-aid and believes Microsoft really cares about their security to download and run them.



1 hour ago, straycat19 said:

 

And people don't understand why I don't trust user reviews on any site.  Here are 2400 certified, in their own words, as fucking idiots. So much for Windows 10 and safety which just proves that Microsoft isn't checking the apps they allow in their store either.  If this one got thru then how many more are just sitting there waiting for someone who drank the kool-aid and believes Microsoft really cares about their security to download and run them.

So do you plan to make the switch to Linux or Mac OSX one day, or just bellyache about it? Four years from now, does your work plan to use outdated software and be audited and closed down? Until 2020 Windows 7 is fine for biz users, but in 2020 it won't be. Do you ever think about the future? If I was in IT, which I'm not (when I worked in the computer industry I was a different type of technician that made parts that went in units), I would have to learn about servicing Windows 10, and as long as they paid I would not give a shit what I had to install or service. I heard the same thing from XP users not long ago; now most are running Windows 7. Nothing lasts forever. You're worse than Microsoft trying to force Windows 10 on people. You tell people to never update Windows at all just so they can keep a version of Windows whose days are marked on the wall.

It's up to the person at home whether he or she wants to wait and buy a new PC later or take the free upgrade now, but most businesses surely will buy new PCs soon. I think the article I first posted back around July 2015 was right that most will buy Windows 10 through 2018-2020. I don't look for it to start selling to business much until it gets closer to EOL of Windows 7, if history repeats itself, and most of the time it does.



1 minute ago, AP1972 said:

Passed by reference wanted to see with my own eyes ... he tells me " The app you're looking for isn't here anymore "

 

Anything man-made is not perfect. The apps from the Windows Store are not even as good as legacy apps yet. Sooner or later there will be an outbreak of malware in the sandbox part of Windows 10; really they're not doing anything new here. Apple and Linux have been doing it for years, but still Linux is much safer because most everything runs just fine without root. Linux and Apple are not malware free, and Windows users try to make a big deal out of it when something is found because they run a system that most all malware and viruses are made for. Even developers get paid to put spyware and adware into free apps on Windows.



vibranium
Quote

 

I've asked Microsoft for comment on how this app was able to get away with this behavior and whether other apps are capable of the same malicious action. I'll update the post when I hear back.

 

 

This is a big reason why company admins want to block Windows Store completely. Now they can't unless they move everyone to Enterprise/Education.

 

Thanks, Microsoft. :chair:



29 minutes ago, vibranium said:

Now they can't unless they move everyone to Enterprise/Education.

 

This is not true.

All they have to do is:

  • Open Start Menu and Type "PowerShell."
  • Run it with administrator privilege.
  • Now type the following command to remove Windows 10 Store app.

Get-AppxPackage *windowsstore* | Remove-AppxPackage

 

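A read-only check to run alongside the removal command in the post above, added here as an example and not part of any poster's message. It lists where the Store package is still present: per-user registrations, the provisioned copy in the OS image, and the registry value behind the "Turn off the Store application" policy. The function name Get-StoreFootprint is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Read-only audit: nothing is removed or changed.
# Get-StoreFootprint is a hypothetical helper name used for this example.
function Get-StoreFootprint {
    param([string]$Name = '*WindowsStore*')   # same wildcard as the command above

    # 1) Per-user registrations. Remove-AppxPackage without -AllUsers only
    #    affects the account that runs it, so other profiles can still have it.
    $perUser = foreach ($pkg in Get-AppxPackage -AllUsers -Name $Name) {
        foreach ($u in $pkg.PackageUserInformation) {
            [pscustomobject]@{
                Scope  = 'User'
                Item   = $pkg.PackageFullName
                Detail = '{0}: {1}' -f $u.UserSecurityId.Sid, $u.InstallState
            }
        }
    }

    # 2) Provisioned copy in the OS image, registered for each new user profile.
    $provisioned = Get-AppxProvisionedPackage -Online |
        Where-Object { $_.DisplayName -like $Name } |
        ForEach-Object {
            [pscustomobject]@{
                Scope  = 'Provisioned'
                Item   = $_.PackageName
                Detail = 'registered for new user profiles'
            }
        }

    # 3) Registry value behind the "Turn off the Store application" policy.
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore'
    $value = (Get-ItemProperty -Path $key -Name RemoveWindowsStore `
                  -ErrorAction SilentlyContinue).RemoveWindowsStore
    $state = 'not configured'
    if ($null -ne $value) { $state = "RemoveWindowsStore = $value" }
    $policy = [pscustomobject]@{ Scope = 'Policy'; Item = $key; Detail = $state }

    # Combine all three views into one list of rows.
    @($perUser) + @($provisioned) + @($policy)
}

Get-StoreFootprint | Format-Table -AutoSize -Wrap
```

Rows with Scope 'User' or 'Provisioned' that remain after the removal command has been run mean the Store is still available to other or future accounts on that machine.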


4 hours ago, steven36 said:

This is not  true

all they have to do is

 

  • Open Start Menu and Type "PowerShell."
  • Run it with administrator privilege.
  • Now type the following command to remove Windows 10 Store app.

Get-AppxPackage *windowsstore* | Remove-AppxPackage

 

Hi @steven36, you must stick to only one post, it's very important.



vibranium
13 hours ago, steven36 said:

This is not  true

all they have to do is

 

  • Open Start Menu and Type "PowerShell."
  • Run it with administrator privilege.
  • Now type the following command to remove Windows 10 Store app.

Get-AppxPackage *windowsstore* | Remove-AppxPackage

 

 

That is not true either. This is not a supported option, and companies cannot risk anything breaking down that Micro-S can pin the blame on.

 

 

 

 



18 minutes ago, vibranium said:

 

That is not true either. This is not a supported option, and companies cannot risk anything breaking down that Micro-S can pin the blame on.

 

 

 

 

What I say is true. It doesn't break anything; you can install it back from PowerShell just as easily.

Reinstall Windows 10 Store

If you wish to reinstall Windows 10 Store, you can also open an elevated PowerShell window, type the following command and hit Enter:

Get-AppXPackage *WindowsStore* -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

If they're too much of a chicken to find a workaround, they can buy Enterprise.



vibranium
Just now, steven36 said:

What I say is true. It doesn't break anything; you can install it back from PowerShell just as easily.

Reinstall Windows 10 Store

If you wish to reinstall Windows 10 Store, you can also open an elevated PowerShell window, type the following command and hit Enter:

Get-AppXPackage *WindowsStore* -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

If they're much of a chicken to find a workaround, they can buy Enterprise.

 

 

Once again we disagree. And once again you must be right, and aggressively so.

 

Go ahead and be "right."  Own the truth.

 

 



16 minutes ago, vibranium said:

 

 

Once again we disagree. And once again you must be right, and aggressively so.

 

Go ahead and be "right."  Own the truth.

 

 

Also they can buy a business firewall and block Windows from connecting through their network.

Or they could buy Process Lasso Server and disable wwahost.exe. You may think I own the truth, but you just disagree because you want to bellyache about Windows 10. There's a lot of things wrong with it, but disabling the Store is not one of them.



Off-topic content has been removed. Let's have a fresh start, guys :D



Archived

This topic is now archived and is closed to further replies.
