Reports suggest the malware has entered the Microsoft Store via some Windows UWP apps for Windows 11 and Windows 10 found in the Store. Check Point Research, a company that provides leading cyber threat intelligence to the greater intelligence community discovered, a malware, dubbed Electron Bot has infected over 5,000 active machines worldwide. The malware was found to spread through the Microsoft Store.
Malware infiltrates the Microsoft Store
Popular games such as “Temple Run” or “Subway Surfer” were found to be malicious. The malware can register new accounts, log in, comment on and “like” other posts. This is alarming since most people trust application store reviews and therefore, do not hesitate to download an application from its platform. Now, it’s clear that there’s incredible risk involved with this process too. As such, users should follow a few safety tips when downloading applications.
Check Point Research (CPR) has spotted new malware that is actively being distributed through Microsoft’s official store. With over 5,000 machines already affected, the malware continually executes attacker commands, such as controlling social media accounts on Facebook, Google, and Sound Cloud. The malware can register new accounts, log in, comment on, and “like” other posts, mentioned a blog post.
The research team chose to name the malware as Electron Bot, based on the last campaign’s C&C domain Electron Bot[.]s3[.]eu-central-1[.]amazonaws.com. The bot’s main capabilities are:
- SEO poisoning – Creating malicious websites and using search engine optimization tactics to make such malicious websites show up prominently in search results.
- Ad Clicker – An infection running in the background to generate ‘clicks’ for advertisements, profiting financially
- Promoting online products – Fake method to generate profits with ad clicking or increasing store rating for higher sales.
To avoid falling victim to Electron Bot attacks, avoid downloading an application with less amount of reviews. Only trust applications that have good, consistent, and reliable reviews. Secondly, pay attention to suspicious application naming which is not identical to the original name.
For remediation, read the additional steps outlined in this post.