According to Check Point, its distribution remains active at this time. The firm has provided Microsoft with data about the game publishers being used in the malicious campaign.

Malware’s Main Aim is Social Media Promotion and Click Fraud

Electron Bot is a modular SEO poisoning malware. Its primary attack method is to create disguised malicious websites that pop up on search engines for unsuspecting users to click on. Once a user clicks, the malware infects the device and eventually establishes persistence. The malware can control its victims' social media accounts on Facebook, YouTube, and SoundCloud. It can even register new accounts, log in to existing accounts, and interact with posts (through 'likes' and comments). The malware operator uses this access to promote certain social media accounts. It is sophisticated enough to allow the operator to imitate human browsing behavior, thereby evading website security. It also has ad clicker capabilities. An ad clicker is a computer virus that runs in the background, constantly connecting to websites to create advertisement "clicks." This allows the operator to generate profits or manipulate store and product ratings.

Malicious Apps Function as Expected for Users

Researchers spotted the first incarnation of this campaign in late 2018. At the time, an early variant was found on the Microsoft Store under the name "Album by Google Photos." Its publisher misrepresented itself as Google LLC. The current version of Electron Bot features significant upgrades, including advanced evasion capabilities like dynamic script loading. The malware operators constantly tweak and update the app titles in order to prolong the campaign. In fact, users who download an infected app usually find that it works as expected, while its malicious actions take place in the background. This has led to many of the malicious apps having positive ratings on the Microsoft Store. For example, Temple Endless Runner 2 has a near-perfect rating based on 92 customer reviews.

Check Point Urges Windows Users to Exercise Caution

For the benefit of Windows users, here is a list of confirmed publishers of Electron Bot-infected apps:

Lupy games, Crazy 4 games, Jeuxjeuxkeux games, Akshi games, Goo Games, Bizzon Case

Check Point has also recommended that users avoid downloading any apps that do not have a healthy number of reviews. Furthermore, Windows users ought to look into developer and publisher details and check app names for traces of typo-squatting. If this story piqued your interest, check out our explainer on Trojans.
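
One way to apply the publisher check above to a list of installed Store apps, as an added example that is not from Check Point or the original article. The inventory entries are constructed, and the function names and the 0.85 similarity threshold are assumptions.

```python
import difflib
import re

# Publishers named in the article above.
FLAGGED_PUBLISHERS = [
    "Lupy games", "Crazy 4 games", "Jeuxjeuxkeux games",
    "Akshi games", "Goo Games", "Bizzon Case",
]

def normalize(name):
    """Lowercase and drop everything but letters and digits, so case,
    spacing and punctuation variants of a name compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def match_publisher(publisher, threshold=0.85):
    """Return (flagged_name, "exact" | "similar"), or None if no match.
    The threshold is an assumed starting point, not a tuned value."""
    norm = normalize(publisher)
    if not norm:
        return None
    best, best_score = None, 0.0
    for flagged in FLAGGED_PUBLISHERS:
        target = normalize(flagged)
        if norm == target:
            return flagged, "exact"
        score = difflib.SequenceMatcher(None, norm, target).ratio()
        if score > best_score:
            best, best_score = flagged, score
    return (best, "similar") if best_score >= threshold else None

def audit(inventory):
    """inventory: iterable of (app_name, publisher_display_name) pairs."""
    findings = []
    for app, publisher in inventory:
        hit = match_publisher(publisher)
        if hit:
            findings.append((app, publisher, hit[0], hit[1]))
    return findings

# Constructed sample inventory; app names are placeholders, not real titles.
SAMPLE_INVENTORY = [
    ("Sample Runner", "LUPY  Games"),   # case/spacing variant -> exact
    ("Sample Puzzle", "Akshi game"),    # slightly altered name -> similar
    ("Sample Notes", "Contoso Ltd"),    # unrelated publisher -> no finding
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```

A "similar" result is a lead for manual review of the publisher's details, not a verdict, since legitimate publishers can have names close to a flagged one.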
