{"id":28445,"date":"2025-07-31T11:22:37","date_gmt":"2025-07-31T09:22:37","guid":{"rendered":"https:\/\/tinextadefence.it\/?p=28445"},"modified":"2025-07-31T11:22:37","modified_gmt":"2025-07-31T09:22:37","slug":"chinese-adware-in-the-microsoft-store-malware-analysis-report","status":"publish","type":"post","link":"https:\/\/tinextadefence.it\/en\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/","title":{"rendered":"Chinese Adware in the Microsoft Store: Malware Analysis Report"},"content":{"rendered":"

Our\u00a0Malware Lab<\/b>\u00a0recently conducted an in-depth analysis on \"Wallpapers Engine<\/b>\"an application distributed free of charge through the\u00a0Microsoft Store<\/b>.<\/p>\n

Although it presents itself as a customisation tool for the Windows environment, the app incorporates within it a number of adware components aimed at distributing potentially unwanted content, such as invasive and potentially fraudulent advertisements, and behaviour that could convey arbitrary code via a C2 server.<\/p>\n

During our analysis, it emerged that the application is an advertising campaign vehicle that displays false warnings about problems in the system with the aim of inducing the user to install a PC cleaning application. The final payload is software that follows a pay-as-you-go model on practically every feature required to solve non-existent problems.<\/p>\n

The survey showed that a large part of the functionality offered was derived from\u00a0legitimate open-source software<\/b>integrated into the app to simulate apparent reliability, but in all likelihood in violation of the relevant licences.<\/p>\n

The most striking aspect is that the campaign was orchestrated by a publisher operating through a single account and always using the same unique identifier to sign the final Potentially Unwanted Program (PUP). This is a clear sign of a coordinated and repeated operation, and not an isolated case, aimed at exploiting the Microsoft Store ecosystem for circumvention and profit.<\/p>\n

We believe that the invasive techniques used by this app should not be allowed on an official store, which is why Microsoft was warned before the report was published. However, we have not yet received a response, while the app is still available for download.<\/p>\n

If you wish to learn more, here is the link to our\u00a0full report<\/a><\/b>.<\/p>\n

In addition, you can subscribe to the Cyber Studios by Tinexta Defence mailing list to receive updates on upcoming reports:<\/span>\u00a0<\/span><\/p>\n

https:\/\/tinextadefence.it\/mailing-list-cyber-studios\/<\/span><\/a>\u00a0<\/span><\/p>","protected":false},"excerpt":{"rendered":"

Our Malware Lab recently conducted an in-depth analysis of 'Wallpapers Engine', an application distributed free of charge via the Microsoft Store. Although it presents itself as a customisation tool for the Windows environment, the app incorporates a number of adware components aimed at distributing potentially unwanted content, such as invasive and potentially fraudulent advertisements, and behaviour that [...]<\/p>","protected":false},"author":7,"featured_media":28446,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[102],"tags":[],"class_list":["post-28445","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tinextadefencebusiness"],"acf":[],"yoast_head":"\nChinese Adware in the Microsoft Store: Malware Analysis Report - Tinexta Defence<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tinextadefence.it\/en\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chinese Adware in the Microsoft Store: Malware Analysis Report - Tinexta Defence\" \/>\n<meta property=\"og:description\" content=\"Il nostro\u00a0Malware Lab\u00a0ha recentemente condotto un\u2019analisi approfondita su \u201cWallpapers Engine\u201d, un’applicazione distribuita gratuitamente attraverso il\u00a0Microsoft Store. Sebbene si presenti come uno strumento di personalizzazione per l\u2019ambiente Windows, l\u2019app incorpora al suo interno una serie di componenti adware finalizzati alla distribuzione di contenuti potenzialmente indesiderati, come pubblicit\u00e0 invasive e potenzialmente fraudolente, e ad un comportamento che […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tinextadefence.it\/en\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/\" \/>\n<meta property=\"og:site_name\" content=\"Tinexta Defence\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-31T09:22:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/07\/Business_evidenza-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"960\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Federica Casadei\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Federica Casadei\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/\"},\"author\":{\"name\":\"Federica Casadei\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d\"},\"headline\":\"Chinese Adware in the Microsoft Store: Malware Analysis Report\",\"datePublished\":\"2025-07-31T09:22:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/\"},\"wordCount\":311,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/07\/Business_evidenza-2.jpg\",\"articleSection\":[\"#TDefenceBusiness\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/\",\"url\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/\",\"name\":\"Chinese Adware in the Microsoft Store: Malware Analysis Report - Tinexta Defence\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/07\/Business_evidenza-2.jpg\",\"datePublished\":\"2025-07-31T09:22:37+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#primaryimage\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/07\/Business_evidenza-2.jpg\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/07\/Business_evidenza-2.jpg\",\"width\":1800,\"height\":960},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tinextadefence.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Chinese Adware in the Microsoft Store: Malware Analysis Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tinextadefence.it\/#website\",\"url\":\"https:\/\/tinextadefence.it\/\",\"name\":\"Tinexta Defence\",\"description\":\"think next, protect now\",\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tinextadefence.it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/tinextadefence.it\/#organization\",\"name\":\"Tinexta Defence\",\"url\":\"https:\/\/tinextadefence.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"width\":2000,\"height\":990,\"caption\":\"Tinexta Defence\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d\",\"name\":\"Federica Casadei\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g\",\"caption\":\"Federica Casadei\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Chinese Adware in the Microsoft Store: Malware Analysis Report - Tinexta Defence","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tinextadefence.it\/en\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/","og_locale":"en_GB","og_type":"article","og_title":"Chinese Adware in the Microsoft Store: Malware Analysis Report - Tinexta Defence","og_description":"Il nostro\u00a0Malware Lab\u00a0ha recentemente condotto un\u2019analisi approfondita su \u201cWallpapers Engine\u201d, un’applicazione distribuita gratuitamente attraverso il\u00a0Microsoft Store. Sebbene si presenti come uno strumento di personalizzazione per l\u2019ambiente Windows, l\u2019app incorpora al suo interno una serie di componenti adware finalizzati alla distribuzione di contenuti potenzialmente indesiderati, come pubblicit\u00e0 invasive e potenzialmente fraudolente, e ad un comportamento che […]","og_url":"https:\/\/tinextadefence.it\/en\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/","og_site_name":"Tinexta Defence","article_published_time":"2025-07-31T09:22:37+00:00","og_image":[{"width":1800,"height":960,"url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/07\/Business_evidenza-2.jpg","type":"image\/jpeg"}],"author":"Federica Casadei","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Federica Casadei","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#article","isPartOf":{"@id":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/"},"author":{"name":"Federica Casadei","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d"},"headline":"Chinese Adware in the Microsoft Store: Malware Analysis Report","datePublished":"2025-07-31T09:22:37+00:00","mainEntityOfPage":{"@id":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/"},"wordCount":311,"commentCount":0,"publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"image":{"@id":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/07\/Business_evidenza-2.jpg","articleSection":["#TDefenceBusiness"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/","url":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/","name":"Chinese Adware in the Microsoft Store: Malware Analysis Report - Tinexta Defence","isPartOf":{"@id":"https:\/\/tinextadefence.it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#primaryimage"},"image":{"@id":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/07\/Business_evidenza-2.jpg","datePublished":"2025-07-31T09:22:37+00:00","breadcrumb":{"@id":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#primaryimage","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/07\/Business_evidenza-2.jpg","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/07\/Business_evidenza-2.jpg","width":1800,"height":960},{"@type":"BreadcrumbList","@id":"https:\/\/tinextadefence.it\/chinese-adware-in-the-microsoft-store-malware-analysis-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tinextadefence.it\/"},{"@type":"ListItem","position":2,"name":"Chinese Adware in the Microsoft Store: Malware Analysis Report"}]},{"@type":"WebSite","@id":"https:\/\/tinextadefence.it\/#website","url":"https:\/\/tinextadefence.it\/","name":"Tinexta Defence","description":"think next, protect now","publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tinextadefence.it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/tinextadefence.it\/#organization","name":"Tinexta Defence","url":"https:\/\/tinextadefence.it\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","width":2000,"height":990,"caption":"Tinexta Defence"},"image":{"@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d","name":"Federica Casadei","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g","caption":"Federica Casadei"}}]}},"_links":{"self":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/28445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/comments?post=28445"}],"version-history":[{"count":0,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/28445\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media\/28446"}],"wp:attachment":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media?parent=28445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/categories?post=28445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/tags?post=28445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}