The so-called Electron Bot malware has found its way onto the Microsoft Store and spreads by disguising itself as popular games, including SubwaySurfer and Temple Run. Once it has infected a system, the malware engages in social media manipulation, click fraud, and SEO poisoning, according to security firm Check Point.
The malware gets its name from the Electron software framework with which it is built. After infection, the malware opens a hidden browser window and impersonates a real user by loading websites and mimicking user behavior. By simulating mouse movements, scrolling behavior, and keyboard input, the malware can present itself to websites and Google as a legitimate user.
What do the malware makers want?
Once installed, the malware can take full control of the system. This allows manual real-time interaction with the system and remote code execution. As far as we know, there are about 5000 users who have downloaded the malware. According to Check Point’s security researchers, the malware serves the following purposes:
Social Media Promotion: Much of the functionality appears to be aimed at influencing social media. The malware can create social media accounts and place pre-programmed comments, for example on YouTube videos.
Promotion of products: The malware is used both on social media and in advertising to put certain products in a positive light. Fake reviews, fake comments and posts promoting specific products are all possible.
Click fraud: The malware opens websites in the background and clicks ads out of the user’s view. For example, it appears to advertisers that an ad on certain websites performs better than it actually