
A malicious app called "Album by Google Photos" was found in the Microsoft Store today that pretends to be from Google. This app pretends to be part of Google Photos but is actually an ad clicker that repeatedly opens hidden advertisements in Windows 10.

This free Album by Google Photos app claims to be created by Google LLC and has a description of "Finally, a photos app that's as smart as you.". You can see an image of its Microsoft Store page below. As this is an ad clicker, the reviews for the app are not very good. One review calls it a "Fake App" and another is titled "Fake, do not install".

The Album by Google Photos app is a PWA app (progressive web app) that acts as a front end to Google Photos, but with a bundled ad clicker. While the app is running, this ad clicker will repeatedly connect to remote hosts and display advertisements in the background in order to generate revenue for the developers. The ad clicker component consists of three files located in the app's folder called Block Craft 3D.dll, Block Craft 3D.exe, and Block Craft 3D.xr. You can see these files in the image of the folder below.

When a user starts the Album by Google Photos app they will be greeted by a screen asking them to log in to Google Photos. This is a legitimate login screen from Google and though I did not see any indications that your logins are being stolen, I would still not advise logging into Google Photos with this app.

After the app reads the configuration file, it will connect to the various "AdBanner" URLs and display them in the background. You can see in the Fiddler traffic below the app connecting to each of the ad URLs.
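To check a Windows 10 machine for the bundled ad clicker component described above, the following PowerShell sweeps the install folder of every Store package for the three file names the article lists. It is an added example, not code from the original article; the function names are hypothetical, and it assumes those file names alone are a sufficient indicator.

```powershell
# Added example. The indicator file names are the three named in the article.
$IndicatorNames = @('Block Craft 3D.dll', 'Block Craft 3D.exe', 'Block Craft 3D.xr')

# Hypothetical helper: return files under $Root whose name matches an indicator.
# -contains is case-insensitive, so differently cased copies still match.
function Find-BundledIndicator {
    param(
        [Parameter(Mandatory)] [string]   $Root,
        [string[]] $Names = $IndicatorNames
    )
    if (-not (Test-Path -LiteralPath $Root)) { return @() }
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Names -contains $_.Name }
}

# Hypothetical helper: walk the current user's installed Store packages and
# report any package folder that carries one or more of the indicator files.
function Test-InstalledPackages {
    foreach ($pkg in Get-AppxPackage) {
        if (-not $pkg.InstallLocation) { continue }
        $hits = @(Find-BundledIndicator -Root $pkg.InstallLocation)
        if ($hits.Count -eq 0) { continue }
        [pscustomobject]@{
            Package   = $pkg.PackageFullName
            # Publisher is the package's signing subject; compare it with the
            # vendor name the Store listing claims.
            Publisher = $pkg.Publisher
            Matched   = ($hits.Name | Sort-Object -Unique) -join ', '
            Location  = $pkg.InstallLocation
        }
    }
}

Test-InstalledPackages | Format-List
```

No output means no package for the current user contains the listed files; run it per user profile, since Store apps are installed per user.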