comscore New malware on Microsoft Store can control of your Facebook, Google accounts

This new malware can take control of your social media accounts

The new malware is actively being distributed through Microsoft’s official store and that it has already affected over 5,000 machines.


Image: Pixabay

Malware attacks have become relatively common these days. Time and again we keep hearing reports that detail how new malware was extracting users’ personal information by infecting their devices. Now, reports have discovered another malware that is infecting users’ devices by sneaking in on their devices by disguising itself as a legit app on the Microsoft Store. Also Read - Google rolls out third Android Beta 13 Beta 3 build with bug fixes

But there is something different about this malware. Instead of stealing users’ personal information, this new malware gains control of users’ social media accounts. Security research firm Check Point Research (CPR) in its latest report has detailed a new malware dubbed as the ‘Electron Bot’ that is capable of gaining control of users’ social media accounts including Facebook, Google, Soundcloud and even YouTube. Also Read - Facebook revamps groups, introduces chat channels, audio channels and more

The security research firm in its report said that the new malware that is actively being distributed through Microsoft’s official store and that it has already affected over 5,000 machines. “The malware continually executes attacker commands, such as controlling social media accounts on Facebook, Google and Sound Cloud. The malware can register new accounts, log in, comment on and “like” other posts,” the company wrote in its report. Also Read - Assam floods: Google starts SOS alert and fundraising to help impacted communities

What is Electron Bot malware?

As the report explains, Electron Bot is a modular SEO poisoning malware that is used for social media promotion and click fraud. It is mainly distributed via the Microsoft Store using dozens of infected applications, mostly games. These games are constantly uploaded by the attackers. “To avoid detection, most of the scripts controlling the malware are loaded dynamically at run time from the attackers’ servers. This enables the attackers to modify the malware’s payload and change the bots’ behaviour at any given time,” the report says.

How does Electron Bot malware work?

CPR says that the infection chain of Electron Bot malware starts with the installation of an infected application downloaded from the Microsoft Store. When a user launches the game downloaded from the Microsoft Store, a JavaScript dropper is loaded dynamically in the background from the attackers’ server, which executes several actions including downloading and installing the malware and gaining persistence on the startup folder.

The malware is launched at the next system startup. Once it is launched, it establishes a connection with the C&C domain Electron Bot and receives a dynamic JavaScript payload with a set of capability functions including controlling the infected users’ social media accounts.

How can I protect myself?

Some of the best ways to avoid falling prey to this malware is to avoid downloading an app with a small amount of reviews. CPR recommends looking for apps with good, consistent and reliable reviews and paying attention to suspicious application naming which is not identical to the original name.

If you have fallen prey to this malware, here’s what you can do to clean already infected machines:

– Remove the downloaded app from Microsoft Store.

– Remove the malware’s package folder. To do so follow this path: Go to C:\Users\\AppData\Local\Packages > look for one of the following folders and remove it.

– Remove associated LNK file from the Start Up folder. To do so follow this path: Go to C:\Users\\AppData\Microsoft\Windows\Start Menu\Programs\Startup > look for a file named Skype.lnk or WindowsSecurityUpdate.lnk and remove it.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: February 25, 2022 11:57 AM IST

new arrivals in india