Tweet
Cybersecurity researchers from Check Point Research (CPR) have found a new malware circulating around the web that is capable of taking over the victim’s social media accounts, and using them for promotion and monetary gain.
The researchers sayithe malware, which they named Electron-bot, is being distributed through the Microsoft store. On the store, “several” malicious publishers created a number of games and apps which carry the virus, including relatively popular titles such as Temple Run, or Subway Surfer.
Once installed, the “game” downloads files, and executes scripts, all with the goal of gaining persistence, and avoiding detection, on the endpoint.
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Once that’s completed, it can start with the actual work, which includes SEO poisoning (boosting search engine results for certain, malicious landing pages), Ad Clicking (clicking ads on sites so that the seller of the ad space gets more revenue from the ad network), social media account promotion, as well as online product promotion.
Apparently, a Bulgarian threat actor is behind the campaign. CPR says. All of the malware’s variants were uploaded to the “mediafire.com” public cloud storage, originating from Bulgaria. The YouTube and SoundCloud accounts being promoted through the malware campaign belong to a Bulgarian wrestler and soccer player, while Bulgaria, as a country, is the most promoted one in the source code.
Read more
A total of 5,000 endpoints are already affected, the researchers are saying. The bulk of those are located in Sweden, Bermuda, Israel, and Spain, although the victims are scattered around 20 countries.
CPR has warned users to be vigilant when downloading apps, even from legitimate sources, and to look at the number of reviews, downloads, as well as for potential typos in the name of the game or the publisher, hinting that even in the most well-guarded app stores, malicious actors can sometimes slip through the cracks.
“Most people think that you can trust application store reviews, and they don’t hesitate to download an application from there. There’s incredible risk with that, as you never know what malicious items you can be downloading,” noted Daniel Alima, Malware Analyst at Check Point Research.
[ul]
[li]Check out our list of the best ransomware protection software right now[/li][/ul]
Continue reading…
The researchers sayithe malware, which they named Electron-bot, is being distributed through the Microsoft store. On the store, “several” malicious publishers created a number of games and apps which carry the virus, including relatively popular titles such as Temple Run, or Subway Surfer.
Once installed, the “game” downloads files, and executes scripts, all with the goal of gaining persistence, and avoiding detection, on the endpoint.
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window p>
[HEADING=1]Promoting Bulgarian footballers[/HEADING]
[HEADING=1]Promoting Bulgarian footballers[/HEADING]
Apparently, a Bulgarian threat actor is behind the campaign. CPR says. All of the malware’s variants were uploaded to the “mediafire.com” public cloud storage, originating from Bulgaria. The YouTube and SoundCloud accounts being promoted through the malware campaign belong to a Bulgarian wrestler and soccer player, while Bulgaria, as a country, is the most promoted one in the source code.
Read more
6 types of Windows malware to watch out for - and how to remove them
How to remove malware from your computer
Nasty new malware strain creeps quietly past Windows defenses
How to remove malware from your computer
Nasty new malware strain creeps quietly past Windows defenses
CPR has warned users to be vigilant when downloading apps, even from legitimate sources, and to look at the number of reviews, downloads, as well as for potential typos in the name of the game or the publisher, hinting that even in the most well-guarded app stores, malicious actors can sometimes slip through the cracks.
“Most people think that you can trust application store reviews, and they don’t hesitate to download an application from there. There’s incredible risk with that, as you never know what malicious items you can be downloading,” noted Daniel Alima, Malware Analyst at Check Point Research.
[ul]
[li]Check out our list of the best ransomware protection software right now[/li][/ul]
Continue reading…