Fake game apps on the Microsoft Store release Electron Bot malware


Israel-based cybersecurity research firm Check Point has revealed the details of a dangerous malware hiding in fake versions of popular games on the official Microsoft Store.

The malware has been named Electron Bot as a reference to the C2 domain used in some of the campaigns. The identity of the malware author is unknown, but researchers believe that the malware may be operating outside of Bulgaria.

If you enjoy playing video games like Subway Surfers or Temple Run, be careful when downloading them to your device because there are fake versions of many popular games available on the Microsoft Store loaded with Electron Bot malware.

Malware-infected fake app on the Microsoft Store (Image: Check Point)

Some of the game publishers that allegedly release fake games include Akshi Games, Bizon Case, Lupy Games, Goo Games, Crazy 4 Games and Jeuxjeuxkeux Games. Do not download games from these publishers as they may contain malware. For example, Temple Endless Runner 2 is promoted as a sequel to Temple Run, but it is actually a clone that wants to infect your device.

About Electron Bot

According to Check Point’s research, Electron Bot is a “modular SEO poisoning malware.” Its primary use is for social media marketing and click fraud, Moshe Marelus wrote in the Check Point report.


The malware is distributed through the Microsoft Store platform and has infected dozens of games and applications so far. Furthermore, researchers noted that attackers are constantly uploading infected games/apps to trap innocent users.

According to Check Point's report, the attackers' activities were identified after an ad clicker campaign was discovered in late 2018. Electron Bot allegedly hid inside an app on the Microsoft Store called Album by Google Photos, published by Google LLC. Since then, the malware has evolved considerably as attackers have added new features and techniques to improve its capabilities.

The bot is developed using the Electron framework, which is used to build cross-platform desktop applications using web scripts. It combines the Node.js runtime with the Chromium rendering engine, giving the malware the functions of a browser controlled by scripts such as JavaScript.


Electron Bot features

The malware has various features, including SEO poisoning, where cybercriminals create infected websites and use SEO tactics to ensure that these pages appear prominently in search results.

Electron Bot is also used as an ad clicker to link to external websites and generate clicks for ads. It is also a backdoor that allows the attacker to gain full control over the infected device and perform click fraud and social media marketing via YouTube, Google, Facebook and SoundCloud.


Furthermore, Electron Bot can also promote online products to increase store ratings or generate revenue via ad clicks. Apart from carrying out social media marketing, it can register new accounts, log into those accounts and like and comment on posts.

How to stay protected?

Electron Bot has infected around 5,000 computers in Israel, Sweden, Spain and Bermuda. However, researchers claim that the campaign will soon spread to more regions. You can avoid infection by checking the names of the games on the Microsoft Store.

Make sure the name matches the known device. Never trust games with very low or very high reviews. Finally, avoid downloading games from the publishers mentioned above.
