Electron Bot malware is running rampant in the Microsoft Store, opening backdoors on victims’ computers. The malware is being distributed to Windows 10 and Windows 11 users through the Microsoft Store in fake versions of popular games such as Temple Run and Subway Surfers.
According to Check Point researchers, “New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store”.
The threat actors lace malicious versions of these titles with Electron Bot malware. The malware has already infected thousands of computers in countries including Sweden, Bulgaria, and Russia. It gives the threat actors backdoor access to a victim’s computer, allowing complete control of the system as well as of the victim’s social media accounts.
The researchers further disclosed that publishers such as Lupy games, Crazy 4 games, Jeuxjeuxkeux games, Akshi games, Goo Games, and Bizzon Case have been found repeatedly submitting malicious clones of popular games to the Microsoft Store. Check Point has reported all of these games and publishers to Microsoft, but the takedowns are turning into a game of whack-a-mole.
The researchers explain that the game is loaded by launching the main script “main.js”, which handles basic window initialization and downloads a configuration file from hxxps://s3[.]eu-west-1[.]amazonaws[.]com/jeuxjeuxjeux.files/json-obj-el12/templeendlessrunner2.json. To evade detection, the attackers load the scripts that control the malware dynamically from their own servers. This lets them modify the malware’s payload and change the bots’ behavior at any time. After analyzing the code, the researchers unanimously concluded that the attacks originate from Bulgaria.
How to avoid an Electron Bot malware infection
- Avoid downloading an application with a small number of reviews
- Look for applications with good, consistent, and reliable reviews
- Watch for suspicious application names that do not exactly match the original title
If you are already a victim of Electron Bot malware, you will have to remove the application downloaded from the Microsoft Store.
- Go to settings > Apps.
- Find the app in the list and select uninstall.
Remove the malware’s package folder.
- Go to C:\Users\<username>\AppData\Local\Packages.
- Look for one of the following folders and remove it.
Remove the associated LNK file from the Startup folder.
- Go to C:\Users\<username>\AppData\Microsoft\Windows\Start Menu\Programs\Startup.
- Look for a file named Skype.lnk or WindowsSecurityUpdate.lnk and remove it.
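As an added example (not part of the article or the Check Point report), the PowerShell below audits the per-user Startup folder for the two shortcut names given above, shows where each one points before anything is deleted, and previews the removal with -WhatIf. It assumes the standard per-user Startup folder under $env:APPDATA and the Store package folder under $env:LOCALAPPDATA\Packages.

```powershell
# Added example: audit the per-user Startup folder for the two persistence
# shortcuts named in the report, report their targets, then preview removal.
# Run as the affected user. $env:APPDATA resolves to C:\Users\<username>\AppData\Roaming.
$startup      = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$packagesRoot = Join-Path $env:LOCALAPPDATA 'Packages'
$suspectNames = @('Skype.lnk', 'WindowsSecurityUpdate.lnk')   # names from the report

function Get-SuspectStartupShortcut {
    $shell = New-Object -ComObject WScript.Shell
    foreach ($name in $suspectNames) {
        $path = Join-Path $startup $name
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $lnk    = $shell.CreateShortcut($path)
        $target = $lnk.TargetPath
        [pscustomobject]@{
            Shortcut     = $path
            Target       = $target
            Arguments    = $lnk.Arguments
            # A target inside the Store package tree points back at the malicious app package
            InPackages   = [bool]$target -and ($target -like "$packagesRoot\*")
            TargetExists = [bool]$target -and (Test-Path -LiteralPath $target)
        }
    }
}

$found = @(Get-SuspectStartupShortcut)
if ($found.Count -eq 0) {
    Write-Host "No $($suspectNames -join ' / ') shortcut found in $startup"
    return
}

# Review the target before deleting: a shortcut whose target sits under
# Packages, or whose target no longer exists, is the one to remove.
$found | Format-List

# Preview only; drop -WhatIf once the targets have been reviewed.
$found | ForEach-Object { Remove-Item -LiteralPath $_.Shortcut -WhatIf }
```

Keep the listed Target path from the output: it identifies the package folder under Packages that the preceding step tells you to remove.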