Malware spreads through Microsoft Store games

New malware, in the form of game applications, has been distributed through the Microsoft Store. It can be used to control social media accounts.

Check Point, a cybersecurity firm, dubbed the malware Electron Bot. The software is believed to have infected 5,000 Windows computers in various countries such as Sweden, Bulgaria and Spain. For the time being, the identity of the attacker is not known, but certain elements indicate that the attacker could be located outside Bulgaria.

According to Bleeping Computer, the first signs of the malware appeared in 2018 through a click-through advertising campaign. The malware was reportedly hidden in the application Google Photos.

Multiple functional features

The main function of Electron Bot is to open a hidden browser to increase the number of clicks on paid ads or to poison SEO. In addition, the software can redirect traffic to social media content such as YouTube and SoundCloud. It also helps to promote certain products or to increase a store's rating to improve its standing.

In addition, the software offers features for managing accounts on networks and social media such as Facebook, Google and SoundCloud. In particular, it can open accounts, log in and comment, as well as like other posts to improve visibility.

Moreover, in addition to using the cross-platform Electron framework, the malware is designed to load files delivered from the C2 server. This makes it harder to identify on infected systems.

A rather unusual mode of infection

When a user downloads one of these infected apps from the Microsoft Store, the attack process is triggered automatically. Once launched, the app loads the game and secretly drops and installs the next-stage dropper via JavaScript.

In addition, researchers at Check Point believe that the attackers are able to change the malware's code, which modifies its behavior. This would be due to the software's payload, which is executed dynamically each time the infected game application is launched.

“This allows attackers to modify the malware payload and change the behavior of bots at any time.”

Check Point’s Moshe Marelus


