Electron-bot is the new malware that has infected over 5,000 users on the Microsoft Store
In a press release, Check Point Research, the Threat Intelligence division of Check Point Software Technologies, announced that it has detected new malware on the Microsoft Store, called Electron-bot, present in particular in very popular games such as "Temple Run" and "Subway Surfer".
According to company data, Electron-bot has already infected over 5,000 users in twenty countries, most of them from Sweden, Bermuda, Israel and Spain. The malware, which can control victims' social accounts, has several capabilities:
- SEO poisoning, a method by which cybercriminals create malicious websites and use search engine optimization tactics to show them in the top search results. This method is also sold as a service to promote the ranking of other sites.
- Ad Clicker, a computer infection that works in the background and constantly connects to websites to generate "clicks" for the ad, thus profiting from the number of clicks that the ad receives.
- Promote social media accounts, such as YouTube and SoundCloud, to direct traffic to specific content and increase views and clicks on ads, thus generating profits.
- Promote products online, to generate profits with clicks on ads or to raise a store rating and increase sales.
Electron-bot is present in the games of some publishers, such as Lupy games, Crazy 4 games, Jeuxjeuxkeux games, Akshi games, Goo Games, Bizon case and others. Its operation is quite simple: after a malicious application is downloaded from the Microsoft Store and installed, scripts sent by the attackers' servers are executed, allowing the attackers to gradually take control of the system through a series of commands. This behavior also lets the cybercriminals evade detection, as the scripts can change the malware's payload and behavior at any time.
According to some evidence, it seems that Electron-bot was created in Bulgaria, since it is the country most present in the source code, in addition to the fact that the SoundCloud account and the YouTube channel promoted by the bot are under the name of "Ivaylo Yordanow", a Bulgarian wrestler and footballer.
Microsoft Official Store Plagued By New Malware; Affects 5,000 Machines
Published: Friday, February 25, 2022, 13:32 [IST]
Malware attacks have become more widespread in recent years. We keep hearing news about how new spyware is infecting consumers' devices and extracting their personal information. According to reports, another malware is infecting users' devices by posing as a legitimate program on the Microsoft Store and getting into their devices.
However, this infection is considered unique. This new spyware takes control of users' social network accounts instead of taking personal information. In its most recent report, security research firm Check Point Research (CPR) described a new malware known as the 'Electron Bot,' which is capable of acquiring control of users' social media accounts such as Facebook, Google, Soundcloud, and perhaps even YouTube.
According to the security research group, the new malware is being actively spread through Microsoft's official store and has already infected over 5,000 machines. Attacker commands, such as manipulating social network accounts on Facebook, Google, and Sound Cloud, are constantly executed by the malware. In its analysis, the company stated that the malware can register new accounts, log in, comment on and like other articles.
Electron Bot is a customizable SEO poisoning malware that is used for promotional campaigns and click fraud, according to the research. It is mostly delivered through the Microsoft Store via dozens of infected programs, the majority of which are games. The attackers are continually uploading these games.
To prevent detection, the majority of the malware's scripts are automatically loaded at run time from the attackers' servers. The reports claim that this allows attackers to change the composition of the virus and the behavior of the bots at any time.
Electron Bot Malware Attacks
According to CPR, the Electron Bot infection chain begins with the installation of an infected application from the Microsoft Store. When a user launches a game obtained from the Microsoft Store, a JavaScript dropper is loaded in the background from the attackers' server. The dropper performs multiple tasks, notably downloading and installing the malware and gaining persistence through the Startup folder.
The malware is activated at the next system startup. Once deployed, it connects to the Electron Bot C&C domain and receives a dynamic JavaScript payload containing a set of capability functions, including management of the infected users' social media accounts.
How To Get Rid Of Electron Bot Malware
One of the best ways to avoid becoming a victim of this infection is to avoid installing apps that have only a small number of reviews. CPR advises selecting apps with positive, consistent, and dependable reviews, and paying attention to suspicious app names that differ from the original name.
If your computer has already been infected by this software, follow these steps to clean it up:
- Uninstall the software from the Microsoft Store.
- Delete the malware's package folder from your computer. To do so, take the following steps: Look for one of the following directories in C:\Users\AppData\Local\Packages> and delete it.
- Delete the LNK file connected with it from the Startup folder. To do so, take the following steps: Look for a file titled Skype.lnk or WindowsSecurityUpdate.lnk in C:\Users\AppData\Microsoft\Windows\Start Menu\Programs\Startup and delete it.
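Before deleting anything in the last step, it helps to see where a matching shortcut actually points, since a genuine Skype shortcut can carry the same name. The PowerShell below is an added example, not code from the article or from Check Point: it is read-only, resolves the Startup folders through Windows rather than a typed path, and treats a target under a Packages directory as a heuristic worth a closer look (an assumption, not a confirmed indicator). The function name is hypothetical.

```powershell
# Added example: read-only triage of the Startup shortcuts named in the
# cleanup steps. It reports matches and their targets; it deletes nothing.

# Shortcut names taken from the article's cleanup steps.
$SuspectNames = @('Skype.lnk', 'WindowsSecurityUpdate.lnk')

function Find-SuspectStartupShortcut {   # hypothetical helper name
    param(
        # Folders to inspect. Defaults: the current user's and the all-users
        # Startup folders, as resolved by Windows itself.
        [string[]]$Folder = @(
            [Environment]::GetFolderPath('Startup'),
            [Environment]::GetFolderPath('CommonStartup')
        ),
        [string[]]$Name = $SuspectNames
    )

    # WScript.Shell can open an existing .lnk and expose its target.
    $shell = New-Object -ComObject WScript.Shell

    foreach ($dir in ($Folder | Where-Object { $_ -and (Test-Path -LiteralPath $_) })) {
        Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -File -Force |
            Where-Object { $Name -contains $_.Name } |   # case-insensitive match
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                [pscustomobject]@{
                    Shortcut   = $_.FullName
                    Created    = $_.CreationTime
                    TargetPath = $lnk.TargetPath
                    Arguments  = $lnk.Arguments
                    # Assumption: a target inside a Store package directory
                    # deserves review; it is a hint, not proof of infection.
                    InPackages = $lnk.TargetPath -like '*\AppData\Local\Packages\*'
                }
            }
    }
}

# Show every match with its target so it can be reviewed before removal.
Find-SuspectStartupShortcut | Format-List
```

No output means neither shortcut name is present in the folders checked. Run it once per user profile, because the default folders belong to the account running the script.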
Story first published: Friday, February 25, 2022, 13:32 [IST]