Categories
Business Tech World

New malware in the Microsoft Store can control your Facebook, Google accounts

Malware attacks have become relatively common these days. Time and again we hear reports describing how new malware managed to extract users’ personal information by infecting their devices. Now, reports have discovered another malware that infects users’ devices by sneaking into their devices by disguising itself as a legitimate app in the Microsoft Store. Also read – How to make money with Google Maps?

But there is something different about this malware. Rather than stealing users’ personal information, this new malware gains control over users’ social media accounts. Security research firm Check Point Research (CPR) in its latest report detailed a new malware dubbed the “Electron Bot” capable of taking control of users’ social media accounts, including facebookGoogle, Soundcloud and even YouTube. Also read – Qualcomm Snapdragon Wear 5100, 5100+ Chip Details Leaked Before Launch: Details Here

The security research firm said in its report that the new malware, which is actively being distributed through Microsoft’s official store, has already affected more than 5,000 machines. “The malware is constantly executing commands from the attackers, such as checking social media accounts on Facebook, Google and Sound Cloud. The malware can register new accounts, log in, comment on and “like” other messages,” the company wrote in its report. Also read – Mark Zuckerberg Burned $500 Billion Renaming Facebook to Meta

What is Electron Bot malware?

As the report explains, Electron Bot is a modular SEO poisoning malware used for social media promotion and click fraud. It is mainly distributed through the Microsoft Store using dozens of infected applications, mainly games. These games are constantly uploaded by the attackers. “To avoid detection, most of the scripts that control the malware are dynamically loaded at runtime from the attackers’ servers. This allows the attackers to modify the malware payload and the bots’ behavior at any time,” the report said.

How does Electron Bot malware work?

CPR says the Electron Bot malware infection chain starts with the installation of an infected application downloaded from the Microsoft Store† When a user launches the game downloaded from the Microsoft Store, a JavaScript dropper is dynamically loaded in the background from the attacker’s server, which performs various actions, including downloading and installing the malware and gaining persistence in the startup folder.

The malware is launched on the next system boot. Once launched, it connects to the C&C domain Electron Bot and receives a dynamic JavaScript payload with a range of capability features, including managing the infected users’ social media accounts.

How can I protect myself?

One of the best ways to avoid falling prey to this malware is to avoid downloading an app with a small number of reviews. CPR recommends looking for apps with good, consistent, and reliable ratings and paying attention to suspicious application naming that is not identical to the original name.

If you have fallen prey to this malware, here’s what you can do to clean up already infected machines:

– Remove the downloaded app from the Microsoft Store.

– Delete the malware package folder. To do this, follow this path: Go to C:Users\AppDataVanir-exodusPackages > locate and delete one of the following folders.

– Delete the corresponding LNK file from the Startup folder. To do this, follow this path: Go to C:Users\AppDataMicrosoftWindowsStart MenuProgramsStartup > look for a file called Skype.lnk or WindowsSecurityUpdate.lnk and delete it.





Leave a Reply

Your email address will not be published.