Electron-bot is the new malware that has infected over 5,000 users on the Microsoft Store

Through a press release, Check Point Research, the Threat Intelligence division of Check Point Software Technologies, announced that it has spotted new malware on the Microsoft Store called Electron-bot, particularly present in very popular games such as “Temple Run” and “Subway Surfer”.

Photo Credit: Check Point Research

According to company data, Electron-bot has already infected over 5,000 users in twenty countries, most of them in Sweden, Bermuda, Israel and Spain. The malware, which can control victims’ social accounts, has several capabilities:

  • SEO poisoning, a method by which cybercriminals create malicious websites and use search engine optimization tactics to show them in the top search results. This method is also sold as a service to promote the ranking of other sites.
  • Ad clicker, a computer infection that runs in the background and constantly connects to websites to generate “clicks” for an ad, thus profiting from the number of clicks that the ad receives.
  • Promoting social accounts, such as YouTube and SoundCloud, to direct traffic to specific content and increase views and clicks on ads, thus generating profits.
  • Promoting products online, to generate profits with ad clicks or increase the store rating to increase sales.

Electron-bot is present in the games of some publishers, such as Lupy games, Crazy 4 games, Jeuxjeuxkeux games, Akshi games, Goo Games, Bizon case and others. Its operation is quite simple: after a malicious application is downloaded from the Microsoft Store and installed, scripts sent by servers are executed, allowing hackers to gradually take control of the system through a series of commands. This behavior also allows cybercriminals to evade detection, as the scripts can change the malware’s payload and behavior at any time.

According to some evidence, Electron-bot appears to have been created in Bulgaria, since it is the country most present in the source code. In addition, the SoundCloud account and the YouTube channel promoted by the bot are under the name of “Ivaylo Yordanow”, a Bulgarian wrestler and footballer.