Friday, May 17, 2024

New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store - Check Point Research

Last updated Thursday, February 24, 2022 05:59 ET, Source: NewsService

  • Popular games such as “Temple Run” or “Subway Surfer” were found to be malicious
  • Attackers can use the installed malware as a backdoor to gain full control of the victim’s machine
  • Most of the victims are from Sweden, Bulgaria, Russia, Bermuda and Spain

Check Point Research (CPR) has spotted new malware that is actively being distributed through Microsoft’s official store. With over 5,000 machines already affected, the malware continually executes attacker commands, such as controlling social media accounts on Facebook, Google and SoundCloud. The malware can register new accounts, log in, and comment on and “like” other posts.

Disclosure
CPR has reported to Microsoft all detected game publishers that are related to this campaign.

Research by: Moshe Marelus

Introduction:

CPR researchers detected a new malware, dubbed Electron Bot, which has infected over 5,000 active machines worldwide. CPR chose the name based on the last campaign’s C&C domain Electron Bot[.]s3[.]eu-central-1[.]amazonaws.com.

Electron Bot is a modular SEO poisoning malware, which is used for social media promotion and click fraud. It is mainly distributed via the Microsoft store platform and dropped from dozens of infected applications, mostly games, which are constantly uploaded by the attackers.

Figure 1: VirusTotal score

The attackers’ activity began as an ad clicker campaign discovered at the end of 2018. The malware in question was hiding in the Microsoft store as an app called “Album by...



Read Full Story: https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
