Malware is distributed through the Microsoft Store

Check Point Research (CPR) has identified new malware widely distributed through game applications in the official Microsoft Store. Named Electron-Bot, the malware can control its victims' social media accounts, including Facebook, Google and SoundCloud. The malware can register new accounts, log in, comment on and "like" other posts. CPR has so far counted 5,000 victims in 20 countries and urges users to immediately delete the applications from the publishers listed below.

  • Popular games like "Temple Run" or "Subway Surfer" were found to be malicious.

  • Attackers can use the installed malware as a backdoor to gain complete control over the victim's machine.

  • Most victims come from Sweden, Bermuda, Israel and Spain.


Check Point Research (CPR) has identified new malware that is widely distributed through the official Microsoft Store. With more than 5,000 machines already affected, the malware continuously executes the attackers' commands, such as controlling social media accounts on Facebook, Google and SoundCloud. The malware can register new accounts, log in, comment on and "like" other posts.

Named Electron-Bot by CPR, the malware's full capabilities are as follows:

  • SEO poisoning, an attack method in which cybercriminals create malicious websites and use search engine optimization tactics to make them appear prominently in search results. This method is also sold as a service to promote the ranking of other sites.

  • Ad Clicker, a computer infection that runs in the background and constantly connects to remote sites to generate "clicks" on ads, profiting from the number of times an ad is clicked.

  • Promotion of social media accounts, such as YouTube and SoundCloud, to drive traffic to specific content and increase views and ad clicks to generate profits.

  • Promotion of online products, to generate profits by clicking on ads or increasing the store rating for higher sales.

In addition, since Electron-Bot's payload is loaded dynamically, attackers can use the installed malware as a backdoor to gain complete control over the victim's machine.

Distribution through game applications in the Microsoft Store

There are dozens of infected applications in the Microsoft Store. Popular games like "Temple Run" or "Subway Surfer" were found to be malicious. CPR has identified several malicious game publishers; all applications under these publishers are associated with the malicious campaign:

  • Loopy games

  • Crazy 4 games

  • Jeuxjeuxkeux games

  • akshi games

  • goo games

  • bison case

Victims

So far, CPR has counted 5,000 victims in 20 countries. Most of the victims come from Sweden, Bermuda, Israel and Spain.

How the malware works

The malicious campaign proceeds in the following steps:

  1. The attack starts with the installation of a Microsoft Store application that pretends to be legitimate.

  2. After installation, the attacker downloads files and executes scripts.

  3. The downloaded malware gains persistence on the victim's machine and repeatedly executes various commands sent by the attacker's C&C server.

To avoid detection, most of the scripts controlling the malware are loaded dynamically at run time from the attackers' servers.

This allows the attackers to modify the malware's payload and change the bots' behavior at any time. The malware uses the Electron framework to mimic human browsing behavior and bypass website protections.

Attribution

There are indications that the malware campaign originated in Bulgaria, such as:

  1. All variants between 2019 and 2022 were uploaded to the public file-sharing site "mediafire.com" from Bulgaria.
  2. The SoundCloud and YouTube accounts promoting the bot are named "Ivaylo Yordanov", a popular Bulgarian wrestler / soccer player.
  3. Bulgaria is the country most promoted in the source code.

Disclosure

CPR reported all game publishers identified and associated with this campaign to Microsoft.

Comment by Daniel Alima, Malware Analyst at Check Point Research:

"This investigation analyzed a new malware called Electron-Bot which has affected more than 5,000 victims worldwide. Electron-Bot is downloaded and spreads easily from the official Microsoft Store platform.

The Electron framework gives Electron applications access to all computer resources, including the GPU. Since the bot's payload is loaded dynamically at each execution, the attackers can modify the code and change the bot's behavior to high risk. For example, they can start another second stage and launch new malware such as ransomware or a RAT. All this can happen without the victim's knowledge.

Most people think that you can trust app store reviews and do not hesitate to download an app from there. There is an incredible danger in this, as you never know what malicious files you may be downloading."

Security tips

To stay as safe as possible, before downloading an app from an app store:

  1. Avoid downloading an application with a small number of reviews.

  2. Look for applications with good, consistent and reliable reviews.

  3. Beware of suspicious application names that are not identical to the original name.

Written by newsbot
