Malware Sneaks In To Windows Store Disguised As Popular Games

This article is more than 2 years old.

A new strain of malware called Electron Bot has surfaced in the Windows Store. The criminals who snuck it in have managed to infect thousands of computers around the world.

Check Point Research has been studying Electron Bot since it first appeared toward the end of 2018. Its original incarnation was an ad-clicking bot that was disguised as “Album by Google Photos.”

While the app did legitimately log users in to their Google accounts, all of its user-facing functionality was a smokescreen for behind-the-scenes advertising fraud.

This newer version of Electron Bot has been spotted in the Windows Store masquerading as several popular games. The most notable so far was a clone of Temple Run, a series which boasts tens of millions of installs on Android and iOS devices.

Over the past three-plus years, Check Point has noted several new capabilities. Electron Bot can now create and control accounts on various social networking platforms, which allows it to further defraud advertisers via likes and shared links.

Electron Bot can also directly promote specific products as well as the accounts it creates. Its authors have also added SEO poisoning capabilities, which allow the malware to boost the search engine rankings of fraudulent or malicious websites.

Check Point Research reports that more than 5,000 computers have been infected by Electron Bot via the Windows Store. While Electron Bot doesn’t pose the same risk to those infected machines as ransomware, it is nevertheless a very dangerous piece of malware.

Click fraud is a massive problem for online advertisers. Losses caused by click fraud campaigns are expected to climb to nearly $70 billion this year. That’s up more than 50% from an already astronomical $42 billion in 2019.

That doesn’t mean advertisers are the only ones in Electron Bot’s crosshairs. Like most malware, its authors have the ability to issue new instructions on the fly. Infected systems could be forced to download and install more harmful secondary payloads in the future.

Fortunately, cleaning up an Electron Bot infection isn’t too difficult at the moment. Check Point offers detailed instructions (near the bottom of this page) that can guide victims through uninstalling the bogus apps and deleting any files they leave behind.