Microsoft Official Store Plagued By New Malware; Affects 5,000 Machines

Malware attacks have become more widespread in recent years. We keep hearing news about how new spyware is infecting consumers' devices and extracting their personal information. According to reports, another malware is infecting users' devices by posing as a legitimate program on the Microsoft Store and getting into their devices.

However, this infection is considered unique. This new spyware takes control of users' social network accounts instead of taking personal information. In its most recent report, security research firm Check Point Research (CPR) described a new malware known as the 'Electron Bot,' which is capable of acquiring control of users' social media accounts such as Facebook, Google, Soundcloud, and perhaps even YouTube.

According to the security research group, the new malware is being actively spread through Microsoft's official retail outlet and has already infected over 5,000 machines.
"Attacker commands, such as manipulating social network accounts on Facebook, Google, and Sound Cloud, are constantly executed by the malware. In its analysis, the company stated that the malware can register new accounts, log in, comment on, and like other articles.

What does Electron Bot Malware Target?

Electron Bot is a customizable SEO poisoning malware that is used for promotional campaigns and clicks fraud, according to the research. It is mostly delivered through the Microsoft Store via dozens of infected programs, the majority of which are games. The attackers are continually uploading these games.

To prevent detection, the majority of the malware's scripts are automatically loaded at run time from the attackers' servers. The reports claim that this allows attackers to change the composition of the virus and the behavior of the bots at any time.

Electron Bot Malware Attacks

According to CPR, the Electron Bot malware infection chain begins with the installation of an infected application from the Microsoft Store. When a user plays a game obtained from the Microsoft Store, a JavaScript dropper is instantly loaded from the attackers' server in the background, which performs multiple tasks, notably downloading and installing malware and obtaining perseverance on the startup folder.

The malware is activated, at the subsequent system startup. Once deployed, it connects to the C&C domain Electron Bot and receives a dynamic JavaScript payload containing a set of capabilities functions, including management of the infected users' social media accounts.

How To Get Rid Of Electron Bot Malware

Avoiding installing an app with a tiny number of ratings is one of the greatest strategies to avoid being a victim of this infection. CPR advises selecting for apps with positive, consistent, and dependable evaluations, as well as paying attention to dubious app naming that differs from the original name.

If your computer has already been infected by this software, follow these steps to wipe it up:

- Uninstall the software from the Microsoft Store.

- Delete the malware's package folder from your computer. To do so, take the following steps: Look for one of the following directories in C:\Users\AppData\Local\Packages> and delete it.

- Delete the LNK file connected with it from the Start Up folder. To do so, take the following steps: Look for a file titled Skype.lnk or WindowsSecurityUpdate.lnkin C:\Users\AppData\Microsoft\Windows\Start Menu\Programs\Startup and delete it.