A damaging threat named Electron Bot, equipped with full system takeover capabilities, has been spreading through Microsoft's official app store. To slip past the store's security checks and attract victims, the attackers clone popular applications, mostly games such as Temple Run and Subway Surfers. According to a report by Check Point Research, Electron Bot has infected over 5,000 devices across 20 countries.
Once established on the victim's device, the threat appears to be used mainly for SEO poisoning and social media manipulation. In practice, the operators abuse their control over the device to take over the victim's social media accounts, including Facebook, Google and SoundCloud, and can also create new accounts, leave comments and perform other social media interactions in real time.
In addition, Electron Bot can act as an ad clicker, simulating clicks on remote websites, most likely to generate Pay-Per-Click (PPC) ad revenue for its operators. The bot's behavior is sophisticated enough to avoid being flagged by website defenses. Because it is modular and most of its controlling scripts are loaded dynamically at runtime, the attackers can easily modify its behavior and capabilities after installation.
A spokesperson from Microsoft has stated that the company is aware of the issue and will take appropriate actions to protect its customers.