"Microsoft App Store Sizzling with New ‘Electron Bot’ Malware"

A backdoor malware dubbed Electron Bot is actively taking over social media accounts, including those on Facebook, Google, and Soundcloud, and has cloned popular games such as Temple Run or Subway Surfer to infiltrate Microsoft's official store. The backdoor allows attackers to take full control over compromised machines. It enables operators to remotely register new accounts, log in, comment, and like social media posts in real time. According to a report recently released by Check Point Research (CPR), over 5,000 people in Bermuda, Bulgaria, Russia, Spain, Sweden, and elsewhere have fallen victim to the malware. Its main path of distribution is the Microsoft store platform, where it hides in dozens of infected apps, most of them games, that the threat actors are constantly uploading.

CPR researchers describe the Electron Bot backdoor as a modular Search Engine Optimization (SEO) poisoning malware used for social media promotion and click fraud. SEO poisoning is a technique in which threat actors create malicious websites and use SEO strategies to make them appear above legitimate sites in search results. Electron Bot is also said to be an ad clicker, which constantly clicks on remote websites to generate ad clicks that earn Pay-Per-Click (PPC) ad revenue. The attackers have also been using Electron Bot to promote social media accounts and direct traffic to specific content, thus increasing views and ad clicks for PPC revenue. CPR explains that the Electron framework allows the bot to imitate human browsing behavior and circumvent protections implemented for websites. This article continues to discuss the discovery, capabilities, and infection routine of the new Electron Bot malware, as well as other malware found in official app stores.

Threatpost reports "Microsoft App Store Sizzling with New ‘Electron Bot’ Malware"

 
