The malware boasts diverse capabilities, including SEO poisoning, where cybercriminals create infected websites and use SEO tactics to ensure these sites appear prominently in search results.
Israel-based cybersecurity research firm Check Point has revealed the details of a dangerous malware that hides in fake versions of popular games on the official Microsoft Store.
The malware has been dubbed Electron Bot as a reference to the C2 domain used in some of the campaigns. The identity of the malware author is unknown, but researchers believe that the malware might be operating from outside of Bulgaria.
Popular Games Exploited To Deploy Malware
If you like to play video games like Subway Surfers or Temple Run, be cautious when downloading them on your device because there are fake versions of many popular games available on the Microsoft Store loaded with Electron Bot malware.
Some of the game publishers reportedly releasing spoofed games include Akshi games, Bizzon Case, Lupy games, Goo Games, Crazy 4 games, and Jeuxjeuxkeux games. Do not download games from these firms as they might contain malware. Such as, Temple Endless Runner 2 is promoted as a sequel to Temple Run, but it actually is a clone looking to infect your device.
About Electron Bot
According to Check Point’s research, Electron Bot is a “modular SEO poisoning malware.” Its primary use is for social media promotion and click fraud, wrote Moshe Marelus in the report from Check Point.
The malware is distributed through the Microsoft Store platform and has infected dozens of games and applications so far. Moreover, researchers noted that attackers constantly upload infected games/apps to innocent trap users.
According to Check Point’s report, the attackers’ activities were identified after an ad clicker campaign was detected in late 2018. Electron Bot was reportedly hiding inside an app on Microsoft Store called Album by Google Photos, published by Google LLC. Since then, the malware has evolved considerably as attackers have added new features and techniques to improve its capabilities.
For your information, the bot is developed using the Electron framework. The framework is used to build a cross-platform desktop application with Web scripts. It combines the Node.js runtime with the rendering engine of Chromium to allow the malware the capabilities of a browser controlled by scripts, such as JavaScript.
More Microsoft security news
- Hackers are using Microsoft Teams chat to spread malware
- Kraken botnet bypass Windows Defender to steal crypto wallet data
- Microsoft warns of Azure vulnerability which exposed users to data theft
- Update Windows 10 to patch critical vulnerability in Microsoft store games
- Microsoft: ‘Destructive malware’ fakes ransomware to target Ukrainian orgs
Electron Bot Capabilities
The malware boasts diverse capabilities, including SEO poisoning, where cybercriminals create infected websites and use SEO tactics to ensure these sites appear prominently in search results.
Electron Bot is also used as an Ad Clicker to connect to remote websites and generate clicks for ads. Electron Bot is also a backdoor that lets the attacker gain complete control over the infected device and performs click fraud and social media promotion via YouTube, Google, Facebook, and Sound Cloud.
Furthermore, Electron Bot can also promote online products to increase store ratings or generate revenues via ad clicking. Apart from performing social media promotion, it can register new accounts, log in to these accounts, and like and comment on posts.
How to Stay Protected?
Electron Bot has infected around 5,000 computers in Israel, Sweden, Spain, and Bermuda. However, researchers claim that the campaign will spread to more regions soon. You can avoid infection by ensuring that you check the names of games on the MS Windows Store.
Make sure that the name matches the known entity. Never trust games with very low or very high review counts. Lastly, avoid downloading games from the publishers mentioned above.
