Malware attacks have become relatively common these days. Time and again we hear reports detailing how new malware extracted users’ personal information by infecting their devices. Now, reports describe another malware that infects users’ devices by disguising itself as a legitimate app on the Microsoft Store.
But there is something different about this malware. Instead of stealing users’ personal information, it gains control of their social media accounts. Security research firm Check Point Research (CPR), in its latest report, has detailed a new malware dubbed ‘Electron Bot’ that is capable of gaining control of users’ social media accounts, including Facebook, Google, Soundcloud and even YouTube.
The security research firm said in its report that the new malware is actively being distributed through Microsoft’s official store and that it has already affected over 5,000 machines. “The malware continually executes attacker commands, such as controlling social media accounts on Facebook, Google and Sound Cloud. The malware can register new accounts, log in, comment on and “like” other posts,” the company wrote in its report.
What is Electron Bot malware?
As the report explains, Electron Bot is a modular SEO poisoning malware that is used for social media promotion and click fraud. It is mainly distributed via the Microsoft Store using dozens of infected applications, mostly games. These games are constantly uploaded by the attackers. “To avoid detection, most of the scripts controlling the malware are loaded dynamically at run time from the attackers’ servers. This enables the attackers to modify the malware’s payload and change the bots’ behaviour at any given time,” the report says.
How does Electron Bot malware work?
How can I protect myself?
One of the best ways to avoid falling prey to this malware is to avoid downloading apps with a small number of reviews. CPR recommends looking for apps with good, consistent and reliable reviews and paying attention to suspicious application names that are not identical to the original name.
If you have fallen prey to this malware, here’s what you can do to clean already infected machines:
– Remove the downloaded app from Microsoft Store.
– Remove the malware’s package folder. To do so follow this path: Go to C:\Users\<username>\AppData\Local\Packages > look for one of the following folders and remove it.
– Remove associated LNK file from the Startup folder. To do so follow this path: Go to C:\Users\<username>\AppData\Microsoft\Windows\Start Menu\Programs\Startup > look for a file named Skype.lnk or WindowsSecurityUpdate.lnk and remove it.
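The Startup-folder check in the last step can be run across every user profile on a machine. The PowerShell below is an added example, not code from the article or from CPR; it only reports matches and shows where each shortcut points so it can be reviewed before removal. It assumes profiles live under C:\Users and that the per-user Startup folder is at the Windows default location under AppData\Roaming.

```powershell
# Added example: audit every user profile for the Startup shortcuts named in the
# cleanup steps. Read-only: it reports findings and deletes nothing.
$lnkNames = @('Skype.lnk', 'WindowsSecurityUpdate.lnk')   # file names from the article

# Assumption: default per-user Startup folder location, relative to the profile.
$startupRel = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'

# WScript.Shell can open an existing .lnk and expose its target and arguments.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($userProfile in Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
    $startup = Join-Path $userProfile.FullName $startupRel
    if (-not (Test-Path -LiteralPath $startup)) { continue }

    foreach ($name in $lnkNames) {
        $lnkPath = Join-Path $startup $name
        if (-not (Test-Path -LiteralPath $lnkPath)) { continue }

        $item     = Get-Item -LiteralPath $lnkPath -Force
        $shortcut = $shell.CreateShortcut($lnkPath)   # loads the existing shortcut
        [pscustomobject]@{
            User      = $userProfile.Name
            Shortcut  = $lnkPath
            Target    = $shortcut.TargetPath     # what runs at logon
            Arguments = $shortcut.Arguments
            Created   = $item.CreationTime
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output 'No matching Startup shortcuts found.'
}
```

Run it from an elevated prompt so that other users' profile folders are readable.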