Nasty new malware will seize control of your social media accounts

News
By Sead Fadilpašić
last updated

You might have been promoting a certain Ivaylo Yordanov online without even knowing it

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

Cybersecurity researchers from Check Point Research (CPR) have found a new malware circulating around the web that is capable of taking over the victim’s social media accounts, and using them for promotion and monetary gain.

The researchers sayithe malware, which they named Electron-bot, is being distributed through the Microsoft store. On the store, “several” malicious publishers created a number of games and apps which carry the virus, including relatively popular titles such as Temple Run, or Subway Surfer. 

Once installed, the “game” downloads files, and executes scripts, all with the goal of gaining persistence, and avoiding detection, on the endpoint

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Promoting Bulgarian footballers

Once that’s completed, it can start with the actual work, which includes SEO poisoning (boosting search engine results for certain, malicious landing pages), Ad Clicking (clicking ads on sites so that the seller of the ad space gets more revenue from the ad network), social media account promotion, as well as online product promotion.

Apparently, a Bulgarian threat actor is behind the campaign. CPR says. All of the malware’s variants were uploaded to the “mediafire.com” public cloud storage, originating from Bulgaria. The YouTube and SoundCloud accounts being promoted through the malware campaign belong to a Bulgarian wrestler and soccer player, while Bulgaria, as a country, is the most promoted one in the source code.

Read more

> 6 types of Windows malware to watch out for - and how to remove them

> How to remove malware from your computer

> Nasty new malware strain creeps quietly past Windows defenses

A total of 5,000 endpoints are already affected, the researchers are saying. The bulk of those are located in Sweden, Bermuda, Israel, and Spain, although the victims are scattered around 20 countries. 

CPR has warned users to be vigilant when downloading apps, even from legitimate sources, and to look at the number of reviews, downloads, as well as for potential typos in the name of the game or the publisher, hinting that even in the most well-guarded app stores, malicious actors can sometimes slip through the cracks.

“Most people think that you can trust application store reviews, and they don't hesitate to download an application from there. There's incredible risk with that, as you never know what malicious items you can be downloading,” noted Daniel Alima, Malware Analyst at Check Point Research.

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.