We spend the day connected to the Internet and this makes us exposed to all the threats that circulate on the network. The type of virus is very varied: malware, ransomware, spyware, Trojans and much more. On this occasion, you will have to be alert if you have downloaded or want to download any of the popular games like Temple Run or Subway Surfer because a malware called Electron Bot has made its way into Windows.
The malware has found its way into the official Microsoft store through clones of popular games that gamers download to their computers. Electron Bot has infected approximately 5,000 computers in Spain, Sweden, Israel and Bermuda. It has been detected and analyzed by the cyberintelligence company Check Point, classifying it as a backdoor, a type of virus designed to give malicious users access to remote control of an infected computer.
Click Fraud and Social Media Promotion
The objective of those responsible for this threat is to gain control of social network accounts on Facebook, YouTube, Google and Sound Cloud. Electro Bot malware allows registration of new accounts, comments and likes on these platforms.
This is not a new virus, it was first discovered at the end of 2018 in one of its first variants that managed to access the Microsoft Store as “Google Photos Album”, published by a fake Google LLC entity. Since then, the creators of this malware have been adding new tools and methods that make it difficult to detect.
A bot developed with Electron, hence its name, is capable of simulating natural browsing behavior and carrying out actions within a website as if it were just another user. Its mode of action is by opening a hidden window in the browser using the Chromium engine.
According to Check Point researchers, the main objectives of Electron Bot are the following:
- Create sites that rank high in Google search results.
- Direct traffic to specific content on social networks.
- Non-visible ad clicks, a computer infection that runs in the background.
- Online product promotion.
Electron Bot infection chain
All of them functions that are offered as services to those users who want to increase their earnings online. In this case, the profits are indirect for those in control of the malware. The Electron Bot payload is made dynamically, therefore attackers can use it as a backdoor and gain full control of a user’s device.
Featured in game apps in the Microsoft Store
After Check Point’s analysis , they have detected dozens of infected applications in the Microsoft store. Among them such popular titles as Temple Run or Subway Surfer. The investigators have counted a total of 5,000 victims in 20 countries , the majority located in Spain, Sweden, Israel and Bermuda.
In addition, they have found several malicious video game distributors where all the apps are related under the same malicious campaign, confirming the following names:
- Lupy games
- crazy 4 games
- Jeuxjeuxkeux games
- Akshi games
- goo games
- Bizon case
An action that results in games like Temple Endless Runner 2 having a practically five-star rating and almost 100 positive reviews. Although the current version of Electron Bot does not engage in high-risk activities, Check Point suggests all Windows users to avoid downloading apps with poor reviews and to make sure the name of the app is correct.