New malware controls social media

New malware capable of controlling social media accounts has infected 5,000+ devices and is widely distributed through gaming applications in the official Microsoft Store.

Check Point Research (CPR) has identified new malware that is widely distributed through gaming applications in the official Microsoft Store, according to a post on the epixeiro.gr website. Called Electron-bot, the malware can control its victims' social media accounts, including Facebook, Google, and SoundCloud. The malicious software can register new accounts, log in, comment, and “like” other posts. CPR has so far counted 5,000 victims in 20 countries. CPR urges users to immediately delete applications from a number of publishers.

  • Popular games like “Temple Run” or “Subway Surfer” were found to be malicious
  • Attackers can use the installed malware as a backdoor to gain complete control over the victim’s machine
  • Most victims come from Sweden, Bermuda, Israel, and Spain

Check Point Research (CPR) has identified new malware that is widely distributed through the official Microsoft Store. With more than 5,000 machines already affected, the malware constantly executes attackers’ commands, such as controlling social media accounts on Facebook, Google, and SoundCloud. The malicious software can register new accounts, log in, comment, and “like” other posts.

The full capabilities of the malware, which CPR named Electron-bot, are as follows:

  • SEO poisoning, a method of attack in which cybercriminals create malicious websites and use search engine optimization tactics to make them appear prominently in search results. This method is also sold as a service to promote the ranking of other sites.
  • Ad clicking, in which the infection runs in the background and constantly connects to remote sites to generate “clicks” on ads, profiting from the number of times an ad is clicked.
  • Promotion of social media accounts, such as YouTube and SoundCloud, to drive traffic to specific content and increase views and ad clicks to generate profits.
  • Promotion of online products, to generate profits from ad clicks or to increase a store's rating for higher sales.


In addition, because the Electron-bot payload is loaded dynamically, attackers can use the installed malware as a backdoor to gain complete control over the victim’s machine.

Distribution through game applications in the Microsoft Store


There are dozens of infected applications in the Microsoft Store. Popular games like “Temple Run” or “Subway Surfer” were found to be malicious. CPR has identified several malicious game publishers, all of whose applications are related to the malicious campaign:

  • Lupy games
  • Crazy 4 games
  • Jeuxjeuxkeux games
  • Akshi games
  • Goo Games
  • bison case

Victims

So far, CPR has counted 5,000 victims in 20 countries. Most of the victims come from Sweden, Bermuda, Israel, and Spain.
