Malware is distributed through the Microsoft Store

Η Check Point Research (CPR) detected new software that is widely distributed through game apps on its official store Microsoft. By name Electron-muzzle, malware can control its victims's social media accounts, including Facebook, Google and Sound Cloud. Malware can register new accounts, log in, comment and do “like”In other posts. THE CPR counts so far 5.000 victims in 20 countries. Η CPR prompts users to immediately delete applications from different publishers. 

  • Popular As the "Temple Run"Or"Subway SurferWere found to be malicious.

  • Attackers can use the installed malware as a backdoor to gain complete control over the victim's machine

  • Most victims come from Sweden, Bermuda, Israel and Spain


Η Check Point Research (CPR) has identified new malware that is widely distributed through its official store Microsoft. With more than 5.000 machines already affected, the malware constantly executes attackers' commands, such as controlling social media accounts on Facebook, The Google and Sound Cloud. Malware can register new accounts, log in, comment and do “like”In other posts.   

By name Electron-muzzle by CPR, the full capabilities of the malware are as follows:  

  • SEO poisoning, a method of attack in which cybercriminals create malicious websites and use search engine optimization tactics to make them appear prominent in search results. This method is also used as a sale as a service to promote the ranking of other sites.

  • Ad Clicker, a computer infection that runs on και συνδέεται συνεχώς με απομακρυσμένους ιστότοπους για να παράγει “κλικ” για , με αποτέλεσμα να κερδίζει οικονομικά από το πόσες φορές γίνεται κλικ σε μια διαφήμιση.

  • Promotion of social media accounts, As the YouTube and SoundCloud, to drive traffic to specific content and increase views and advertising clicks to generate profits.

  • Promotion of online products, to generate profits by clicking on ads or increasing the store rating for higher sales.

Επιπλέον, καθώς το ωφέλιμο of Electron-muzzle loaded dynamically, attackers can use the installed malware as backdoor cuts to gain complete control over the victim's machine. 

Distribution through game applications in Microsoft Store

There are dozens of infected applications in her store Microsoft. Popular games like “Temple Run"Or"Subway SurferWere found to be malicious. THE CPR has identified several malicious game providers, where all applications under these providers are associated with the malicious campaign:

  • Loopy games. 

  • Crazy 4 games. 

  • Jeuxjeuxkeux games 

  • akshi games 

  • goo games 

  • bison case 


So far, the CPR has counted 5.000 in 20 countries. Most of the victims come from Sweden, Bermuda, Israel and Spain.  

How malware works

The malicious campaign works with the following steps:  

  1. The attack starts with the installation of an application Microsoft Store pretending to be legal. 

  2. After installation, the attacker downloads files and executes scripts 

  3. The downloaded malware becomes resistant to the victim's machine by repeatedly executing various commands sent by the C&C of the attacker

To prevent crawling, most of the malware-controlled scripts are loaded dynamically when executed by attacker's servers.

This allows attackers to modify the payload of malware and change their behavior. bots anytime. Malware uses the framework Electron to mimic human behavior και να παρακάμψει τις προστασίες ιστότοπων.


There are indications that the malware campaign started in Bulgaria, such as:

  1. All variants between 2019 - 2022 were uploaded to public storage "mediafire.comFrom Bulgaria. 
  2. Account Sound Cloud and the channel YouTube promoting muzzle is with the name “I Ivaylo Yordanov", A popular Bulgarian wrestler / soccer player 
  3. Bulgaria is the country most promoted in the source code


Η CPR reported to Microsoft all game publishers identified and associated with this campaign.

Comment by Daniel Alima, Malware Analyst at Check Point Research: 

"This investigation analyzed a new malware called Electron-Bot which has affected more than 5.000 victims worldwide. The Electron-Bot descends and spreads easily from its official platform Microsoft Store.

The frame Electron provides in applications Electron access to all computer resources, including computers GPU. As its payload muzzle loaded dynamically at each execution time, attackers can modify the code and change its behavior muzzle at high risk. For example, they can start another second stage and launch new malware like ransomware or one RAT. All this can happen without the victim's knowledge.

Most people think that you can trust app store reviews and do not hesitate to download an app from there. There is an incredible danger with this, as you never know what malicious data you can download ".

Security tips

To be as safe as possible, before downloading an app from the App Store:  

  1. Avoid downloading an application with a small number of reviews 

  2. Look for applications with good, consistent and reliable reviews 

  3. Beware of suspicious application names that are not identical to the original name The Best Technology Site in Greecefgns

Subscribe to via Email

Subscribe to this blog and receive notifications of new posts by email.

microsoft store, malware, iguru

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).