Electron Bot Leverages Microsoft App Store to Pierce Social Media Accounts

An SEO poisoning bot has been taking over social media accounts and masquerading as the Temple Run game. The bot targets multiple social media accounts such as Facebook, Google, and SoundCloud.

About Electron bot

The bot, named Electron, infiltrated Microsoft’s official store by cloning Temple Run or Subway Surfer games. The bot enables the attackers to take control of compromised machines.
  • Among its multiple malicious actions, Electron can be executed remotely, allowing the operators to create new accounts, log in, comment on, and like other social media posts in real time.
  • Additionally, the malware has already claimed around 5,000 victims in 20 countries and most of them are located in Russia, Bermuda, Spain, Sweden, and Bulgaria.

The infection process

The infection begins when a victim installs a malicious app from the Microsoft Store. When the app is launched, a JavaScript dropper is dynamically loaded, which downloads and installs the malware.

The ad fraud in focus

CPR researchers describe this newly discovered Electron bot backdoor as modular SEO-poisoning malware. The bot has been used for click fraud and social media promotion.
  • The bot increases how often malicious sites show up in search results and is sold as a service to promote other websites’ rankings.
  • It can be used as an ad clicker that constantly visits remote websites and clicks on their ads to generate higher Pay-per-Click (PPC) ad revenue.
  • Further, the bot promotes online products to generate PPC revenue or increase a store’s rating for increased sales.
  • It advertises social media accounts to direct traffic to particular content. Thus, the view is blocked, which creates more ad clicking for the PPC loot.

Conclusion

Electron bot is active in the wild and smartphone users should be alerted regarding this threat. Further, experts suggest avoiding apps with a small number of reviews. Look for applications with good and reliable reviews and pay attention to suspicious app naming.

Cyware Publisher
