Cybersecurity researchers from Check Point Research (CPR) have found a new malware circulating around the web that is capable of taking over the victim’s social media accounts, and using them for promotion and monetary gain.
The researchers say the malware, which they named Electron-bot, is being distributed through the Microsoft Store. On the store, “several” malicious publishers created a number of games and apps which carry the malware, including relatively popular titles such as Temple Run or Subway Surfer.
Once installed, the “game” downloads files and executes scripts, all with the goal of gaining persistence on the endpoint and avoiding detection.
Once that’s completed, it can start the actual work, which includes SEO poisoning (boosting search engine results for certain malicious landing pages), ad clicking (clicking ads on sites so that the seller of the ad space gets more revenue from the ad network), social media account promotion, as well as online product promotion.
Apparently, a Bulgarian threat actor is behind the campaign, CPR says. All of the malware’s variants were uploaded to the “mediafire.com” public cloud storage service, originating from Bulgaria. The YouTube and SoundCloud accounts being promoted through the malware campaign belong to a Bulgarian wrestler and soccer player, while Bulgaria, as a country, is the most promoted one in the source code.
A total of 5,000 endpoints are already affected, the researchers say. The bulk of those are located in Sweden, Bermuda, Israel, and Spain, although the victims are scattered across 20 countries.
CPR has warned users to be vigilant when downloading apps, even from legitimate sources, and to check the number of reviews and downloads, as well as to look for potential typos in the name of the game or the publisher, noting that even in the most well-guarded app stores, malicious actors can sometimes slip through the cracks.
“Most people think that you can trust application store reviews, and they don’t hesitate to download an application from there. There’s incredible risk with that, as you never know what malicious items you can be downloading,” noted Daniel Alima, Malware Analyst at Check Point Research.