Malware infects more than 5,000 devices through the Microsoft Store

There are reports that malware has entered the Microsoft Store through some Windows UWP apps for Windows 11 and Windows 10. Check Point Research, an organization that offers cyber threat intelligence to the greater intelligence community, has found that malware dubbed Electron Bot has infected over 5,000 active computers worldwide. The Microsoft Store appeared to be the source of the malware.

Malware infiltrates the Microsoft Store

Games like “Temple Run” and “Subway Surfer” were found to be malicious. The malware can register new accounts, log in, comment, and like other posts. This is alarming since most people trust reviews on application stores and do not hesitate to download applications from them. This shows that downloading from an application store also carries a great deal of risk. Users should therefore follow a few safety tips when downloading applications.

Check Point Research (CPR) has discovered new malware that is being distributed through Microsoft’s official store. The malware has already infected over 5,000 machines and continuously executes attacker commands, such as controlling social media accounts on Facebook, Google, and Soundcloud. The malware can interact with a blog by registering new accounts, logging in, commenting on, and “liking” other posts.

The research team named the malware Electron Bot, based on the last campaign’s C&C domain Electron Bot[.]s3[.]eu-central-1[.]amazonaws.com. The bot’s main capabilities are:

  • SEO poisoning – Using search engine optimization tactics to make malicious websites appear prominently in search results.
  • Ad clicker – Running in the background on the infected machine to generate ‘clicks’ on advertisements for financial profit.
  • Promoting online products – Generating profit through ad clicking or inflating a store rating to drive higher sales.

To avoid falling victim to Electron Bot attacks, first, avoid downloading applications with a small number of reviews, and trust only applications with good, consistent, and reliable reviews. Second, watch out for unusual application names that are not identical to the original name.

For remediation, read the additional steps outlined in this post.