The so-called Electron Bot malware has found its way onto the Microsoft Store and is able to spread by disguising itself as popular games, including SubwaySurfer and Temple Run. Once a system is infected, the malware engages in social media manipulation, click fraud, and SEO poisoning, according to security firm Check Point.
The malware gets its name from the Electron software framework with which it is built. After infection, the malware opens a hidden browser window and impersonates a real user by loading websites and mimicking human behavior. By simulating mouse movements, scrolling behavior, and keyboard input, the malware can pass itself off to websites and Google as a legitimate user.
What do the malware makers want?
Once installed, the malware allows its makers to take full control of the system. This allows manual real-time interaction with the system and remote code execution. As far as we know, there are about 5000 users who have downloaded the malware. According to Check Point's security researchers, the malware has the following motives:
Social Media Promotion: Much of the functionality appears to be aimed at influencing social media. The malware can create social media accounts and place pre-programmed comments, for example on YouTube videos.
Promotion of products: The malware is used both on social media and in advertising to put certain products in a positive light. Fake reviews, fake comments and posts promoting specific products are all possible.
Click fraud: The malware opens websites in the background and clicks ads out of the user's view. This makes it appear to advertisers that an ad on certain websites performs better than it actually does.
SEO Poisoning: By visiting certain websites for specific search terms, it appears to Google that a site has good content for those searches. In reality, these are untrustworthy websites, such as phishing websites, or websites that distribute malware or false information.
How can the malware be on the Microsoft Store?
First of all, the malware pretends to be one of several popular games. These are often simple games like Temple Run. In addition, the makers ensure that the store page has a number of reviews. Finally, the games themselves work properly; all malicious activity happens in the background. The file size is also normal, as the malicious elements are only downloaded afterward.
The malware does not appear to cause any harm to users. Yet the malware has such far-reaching access that the cybercriminals could always add other malware packages afterward. To avoid downloading this type of malware, you as a user should pay attention to the number of reviews and the publisher of the application. In addition, you should carefully check the spelling of the name of the application.
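The three checks above (review count, publisher, spelling of the name) can also be run automatically over a list of store listings. The following Python sketch is an added example, not code from Check Point or from the article; the expected publisher names, the thresholds, and the listing fields are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist for the demo: known title -> publisher you expect.
# The publisher strings are placeholders, not real store data.
KNOWN_TITLES = {
    "Temple Run": "Example Games Studio",
    "Subway Surfers": "Example Runner Studio",
}
MIN_REVIEWS = 50        # assumed threshold, tune for your environment
NAME_SIMILARITY = 0.80  # assumed cut-off for "looks like a known title"


def normalize(name):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def closest_title(name):
    """Return (known_title, similarity) for the best-matching known title."""
    scored = [(t, SequenceMatcher(None, normalize(name), normalize(t)).ratio())
              for t in KNOWN_TITLES]
    return max(scored, key=lambda pair: pair[1])


def review_listing(listing):
    """Return the reasons a store listing deserves a closer look."""
    reasons = []
    title, score = closest_title(listing["name"])
    if score >= NAME_SIMILARITY:
        # Near-miss spelling of a popular title is the lookalike signal.
        if normalize(listing["name"]) != normalize(title):
            reasons.append(f"name resembles '{title}' but is spelled differently")
        if listing["publisher"] != KNOWN_TITLES[title]:
            reasons.append(f"publisher is not the expected one for '{title}'")
    if listing["reviews"] < MIN_REVIEWS:
        reasons.append("few reviews")
    return reasons


if __name__ == "__main__":
    # Constructed sample listings.
    samples = [
        {"name": "Temple Run", "publisher": "Example Games Studio", "reviews": 12000},
        {"name": "Subway Surfer", "publisher": "Some Publisher", "reviews": 8},
    ]
    for item in samples:
        print(item["name"], "->", review_listing(item) or "no findings")
```

Because the makers make sure a listing has reviews and a working game, the publisher and spelling checks carry more weight than the review count alone.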