Malware attacks have become relatively common. Time and again, reports detail how new malware infects users' devices and extracts their personal information. Now researchers have found another strain that gets onto devices by disguising itself as a legitimate app on the Microsoft Store.
But this malware is different. Instead of stealing personal information, it takes control of users' social media accounts. Security research firm Check Point Research (CPR), in its latest report, details a new malware dubbed 'Electron Bot' that can take over social media accounts including Facebook, Google, Soundcloud and even YouTube.
The firm said the malware is actively being distributed through Microsoft's official store and has already affected over 5,000 machines. "The malware continually executes attacker commands, such as controlling social media accounts on Facebook, Google and Sound Cloud. The malware can register new accounts, log in, comment on and "like" other posts," the company wrote in its report.
What is Electron Bot malware?
As the report explains, Electron Bot is a modular SEO-poisoning malware used for social media promotion and click fraud. It is mainly distributed via the Microsoft Store through dozens of infected applications, mostly games, which the attackers continually upload. "To avoid detection, most of the scripts controlling the malware are loaded dynamically at run time from the attackers' servers. This enables the attackers to modify the malware's payload and change the bots' behaviour at any given time," the report says.
How does Electron Bot malware work?
CPR says the infection chain starts with the installation of an infected application from the Microsoft Store. When the user launches the game, a JavaScript dropper is loaded dynamically in the background from the attackers' server. It performs several actions, including downloading and installing the malware and gaining persistence via a shortcut in the Startup folder.
The malware itself runs at the next system startup. Once launched, it connects to the Electron Bot command-and-control (C&C) domain and receives a dynamic JavaScript payload with a set of capability functions, including control of the infected user's social media accounts.
How can I protect myself?
The best way to avoid falling prey to this malware is to be wary of apps with only a handful of reviews. CPR recommends choosing apps with good, consistent and reliable reviews, and paying attention to suspicious application names that are not identical to the original.
If you have fallen prey to this malware, here's what you can do to clean an already infected machine:
– Uninstall the app that was downloaded from the Microsoft Store.
– Remove the malware's package folder: go to C:\Users\\AppData\Local\Packages, look for one of the folders listed in the CPR report and delete it.
– Remove the associated LNK file from the Startup folder: go to C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, look for a file named Skype.lnk or WindowsSecurityUpdate.lnk and delete it.
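The three cleanup steps above can be tied together from the Startup shortcut outward. As an added example that is not part of the BGR article or the CPR report, the PowerShell below looks for the two shortcut names quoted above, resolves where each one points, and if the target lives under the per-app Packages folder, maps it back to the Microsoft Store package (by PackageFamilyName) so that the app, its data folder and the shortcut can all be removed together. Assumptions: it is run in an elevated PowerShell on the affected user's profile; the package folder names are not given on this page, so they are discovered from the shortcut target rather than hard-coded; nothing is deleted unless the -Remove switch is passed.

```powershell
# Added example (not from the CPR report or the BGR article): hunt for the
# Electron Bot persistence artefacts named in the article and map them back to
# the Microsoft Store package they belong to. Run in an elevated PowerShell.
# Assumptions: the LNK names below come from the article; the Packages folder
# names are not given on the page, so they are discovered, not hard-coded.
# Nothing is deleted unless -Remove is passed (-WhatIf previews the deletions).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove
)

# Indicators quoted in the article; extend this list if more names are published.
$LnkNames = @('Skype.lnk', 'WindowsSecurityUpdate.lnk')

# Per-user Startup folder (...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup)
$StartupDir  = [Environment]::GetFolderPath('Startup')
# Per-app data folders, one per PackageFamilyName (...\AppData\Local\Packages)
$PackagesDir = Join-Path $env:LOCALAPPDATA 'Packages'

$shell    = New-Object -ComObject WScript.Shell
$findings = @()

foreach ($name in $LnkNames) {
    $lnk = Join-Path $StartupDir $name
    if (-not (Test-Path -LiteralPath $lnk)) { continue }

    # Resolve where the shortcut really points. A Startup LNK named like a
    # system component that launches something under \Packages\ is the tell.
    $sc     = $shell.CreateShortcut($lnk)
    $target = $sc.TargetPath
    $family = $null
    if ($target -like "$PackagesDir\*") {
        # First path component after \Packages\ is the PackageFamilyName.
        $family = ($target.Substring($PackagesDir.Length + 1) -split '\\')[0]
    }
    $findings += [pscustomobject]@{
        Shortcut      = $lnk
        Target        = $target
        Arguments     = $sc.Arguments
        PackageFamily = $family
    }
}

if (-not $findings) {
    Write-Host 'No Electron Bot startup shortcuts found.'
    return
}

# Show what was found before touching anything.
$findings | Format-List

foreach ($f in $findings) {
    if ($f.PackageFamily) {
        # Step 1 of the article's cleanup: uninstall the Store app itself.
        $pkg = Get-AppxPackage | Where-Object PackageFamilyName -eq $f.PackageFamily
        if ($pkg -and $Remove -and $PSCmdlet.ShouldProcess($pkg.PackageFullName, 'Remove-AppxPackage')) {
            Remove-AppxPackage -Package $pkg.PackageFullName
        }
        # Step 2: remove the package's data folder under \Packages\.
        $dataDir = Join-Path $PackagesDir $f.PackageFamily
        if ($Remove -and (Test-Path -LiteralPath $dataDir) -and
            $PSCmdlet.ShouldProcess($dataDir, 'Remove-Item -Recurse')) {
            Remove-Item -LiteralPath $dataDir -Recurse -Force
        }
    }
    # Step 3: remove the persistence shortcut from the Startup folder.
    if ($Remove -and $PSCmdlet.ShouldProcess($f.Shortcut, 'Remove-Item')) {
        Remove-Item -LiteralPath $f.Shortcut -Force
    }
}
```

Run it once without -Remove to see the shortcut targets and the package family they resolve to, then with -Remove (or -Remove -WhatIf first) to perform the cleanup. The shortcut is deleted last so that the resolved target is still available if a step fails part-way; if the shortcut does not point under Packages, the script still reports it and removes only the LNK, leaving the app and folder for manual review against the CPR report.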
The post "This new malware can take control of your social media accounts" appeared first on BGR India.