This dangerous malware found in Temple Run, Subway Surfer apps; is it on your device? Delete!

A new malware has been found which is capable of taking control of all your social media accounts. The malware dubbed Electron Bot has been spotted by CheckPoint Research which said that it is being actively distributed through Microsoft’s official store. By now, it has affected over 5,000 devices and it has the potential to take complete control of social media accounts such as Facebook, Google, and SoundCloud. Not just that, but it can register new accounts, log in, comment on, and even “like” other posts. The report says that the malware is found hidden in the widely downloaded game apps such as Temple run and Subway Surfer.

This Electron Bot malware is a modular SEO poisoning malware, which is used for social media promotion and click fraud. The report confirms that the malware is mainly distributed via the Microsoft store platform which has been dropped from dozens of infected applications, especially games, which are constantly uploaded by the attackers. Most of the affected devices are from Sweden, Bulgaria, Russia, Bermuda, and Spain.

How does this Electron Bot malware works

The cybersecurity firm explains that the Electron Bot malware gets into the device when a user downloads any affected app or game from Microsoft Store. How it succeeds in avoiding getting detected is by hiding inside the game apps. When the user downloads and launches the game, a JavaScript dropper is loaded dynamically in the background from the attackers’ server which executes several actions to install the malware in the device.

Once it is in the user's device, it uses Search Engine Optimisation (SEO) poisoning. Under this method, cybercriminals create malicious websites and use SEO tactics to make them show up on the top search results. Here, it boosts malicious apps and websites. Besides that, it can work as an ‘Ad Clicker’, which is a computer infection that constantly runs in the background to connect with remote websites to generate ‘clicks’ for advertisement. Also, it can promote social media accounts or online products to generate profits with ad clicking or increase views.

What should you do?

• It is advised to remove the applications downloaded from the Microsoft store.
• You will need to remove the malware’s package folder. To do so, go to the C drive of your system. Then Users > username > App data > local > packages.
• Look for the folders named “Microsoft.Windows.SecurityUpdate_cw5n1h2txyewy” or “Microsoft.Windows.Skype_cw5n1h2txyewy”
• Also, remember to remove the LNK file from the StartUp folder available in the Windows option of C Drive.
• Check the file named Skype.lnk or WindowsSecurityUpdate.lnk and delete it immediately.