Electron Bot Malware Spreads via Microsoft Store
A new strain of malware called Electron Bot has already infected more than 5,000 machines worldwide. Once it takes over a victim’s system, it can control their social media accounts on services such as Facebook and SoundCloud.
It can register new accounts, log in with the victim’s credentials, share posts, and even comment on and like other posts. Check Point Research (CPR), the research firm that discovered the malware, found it being actively distributed through Microsoft’s official app store, where it masquerades as popular games such as Temple Run or Subway Surfer.
Once downloaded onto a user’s system, the malware begins an SEO poisoning routine, a technique in which threat actors create fake websites and use search engine optimisation tactics to rank them highly in search results.
It also functions as an “ad-clicker”, an automated process that constantly generates clicks on remote websites to increase ad revenue. Since it can take control of social media accounts, it can promote fake apps and websites through them as well.
The research analyzed a new malware called Electron Bot that has attacked more than 5,000 victims globally. Electron Bot infects machines when certain apps are downloaded from the official Microsoft Store. The Electron framework gives Electron apps access to all of the computer’s resources, including GPU computing. Because the bot’s payload is loaded dynamically at every run time, the attackers can modify the code and change the bot’s behavior to high-risk activity.
CPR researchers warn that this dynamic loading carries serious risk, and that all users should follow a few safety tips when downloading applications:
- Avoid downloading applications with only a small number of reviews
- Look for applications with good, consistent, and reliable reviews
- Pay attention to suspicious application names that are not identical to the original name
Indicators of Compromise
- Lupy games
- Crazy 4 games
- Jeuxjeuxkeux games
- Akshi games
- Goo Games
- Bizzon Case
- Electron Bot[.]s3[.]eu-central-1[.]amazonaws.com
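The following is an added example, not code from the article or from Check Point Research: it checks an exported application inventory against the names in the indicator list above and applies the "suspicious naming" tip. It assumes the six names are store publisher names, and the reference list of genuine titles and their publishers (`KNOWN_TITLES`) and the sample inventory are constructed for illustration.

```python
"""Check an app inventory against the Electron Bot indicators and flag look-alike titles."""
import difflib

# Publisher names copied from the page's Indicators of Compromise list.
PUBLISHER_IOCS = {"Lupy games", "Crazy 4 games", "Jeuxjeuxkeux games",
                  "Akshi games", "Goo Games", "Bizzon Case"}

# Assumed reference list of genuine titles and their publishers (not from the page).
KNOWN_TITLES = {"temple run": "imangi studios", "subway surfers": "sybo games"}


def norm(s: str) -> str:
    """Lower-case and collapse whitespace so comparisons ignore casing tricks."""
    return " ".join(s.lower().split())


def refang(indicator: str) -> str:
    """Convert a defanged indicator such as 'a[.]b' to the form seen in logs."""
    return norm(indicator.replace("[.]", ".").replace("hxxp", "http"))


def check_inventory(apps, threshold=0.8):
    """apps: iterable of (title, publisher) tuples exported from an endpoint.
    Returns a list of (title, publisher, reason) findings."""
    bad_publishers = {norm(p) for p in PUBLISHER_IOCS}
    findings = []
    for title, publisher in apps:
        t, p = norm(title), norm(publisher)
        if p in bad_publishers:
            findings.append((title, publisher, "publisher is a listed indicator"))
            continue
        # Look-alike check: close to a genuine title but from a different publisher.
        for known, known_pub in KNOWN_TITLES.items():
            ratio = difflib.SequenceMatcher(None, t, known).ratio()
            if ratio >= threshold and p != known_pub:
                findings.append((title, publisher, f"resembles '{known}' ({ratio:.2f})"))
                break
    return findings


# Constructed sample inventory (not real data).
SAMPLE_APPS = [
    ("Temple Run", "Imangi Studios"),
    ("Subway Surfer", "Lupy Games"),
    ("Temple Runn", "Goo Studio"),
    ("Calculator", "Microsoft Corporation"),
]

if __name__ == "__main__":
    for finding in check_inventory(SAMPLE_APPS):
        print(finding)
```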