Electron Bot Lurks in Fake Microsoft Store Apps

Microsoft Took Over Six Domains COVID-19 Scam

Cybercriminals are distributing new and dangerous piece of malware, which targets Windows devices. The infection vector that the payload uses is pretty peculiar – apparently, the crooks have managed to bypass the verification steps of the official Microsoft Store. The malware, dubbed Electron Bot, was hidden inside fake copies of popular apps and games such as Temple Run.

The Electron Bot works like a backdoor Trojan, which users will not notice unless they run an anti-malware scanner. It enables criminals to control the victim's machine remotely. However, instead of using this opportunity to wreak havoc and steal data, the Electron Bot operators are looking into other tactics. They appear to be hijacking social media accounts and creating new social media profiles. The purpose of this may vary – ad-fraud, SEO poisoning, and more.

So far, over 5,000 active instances of the Electron Bot have been detected. It seems that the majority of victims are located in Russia, Spain, Bulgaria, and Sweden. SEO-poisoning malware is certainly a fairly novel tactic, and it remains to see how the Electron Bot criminals will use it. They might be using the strange botnet to push scam websites on top of search engine results for specific keywords – something that could prove to be very dangerous.

While the Electron Bot is not a direct threat to users, it might get their IP flagged for suspicious behavior by popular services. Needless to say, this is not something that you want to encounter since it may prevent you from using Google, Twitter, Facebook, YouTube, etc. The best way to ensure that the Electron Bot is not on your system, and it will never cause trouble for you, is to use an up-to-date anti-malware tool at all times.

February 28, 2022