Security experts tell people all the time to never to download apps from anywhere other than official sources like the Microsoft Store, the Google Play Store, and the Apple App Store.
It's good advice but unfortunately, even those sources aren't perfect when it comes to keeping malicious apps that have been poisoned with malware off of their virtual shelves.
Recently, the cyber-intelligence firm named Check Point discovered poisoned clones of a number of popular games like Temple Run and Subway Surfer. These poisoned clones have been responsible for compromising more than five thousand machines located primarily in Sweden, Israel, Spain, and Bermuda.
The code lurking in these poisoned copies of popular games is called Electron Bot and it is fairly mild in terms of what it does. It seeks to earn profits by taking control of machines and commandeering their social media accounts including Facebook, Google, YouTube and Sound Cloud.
If the owner of the infected system happens not to have accounts on any of those services, that's fine too. Electron Bot is more than capable of setting up brand new accounts and then commenting and "liking" content on those platforms which is engaging in click fraud.
This Electron Bot is not new. It was first spotted in the wild in the waning days of 2018 masquerading as an app called "Album by Google Photos" on the Google Play store.
Since then, the malicious code has undergone several revisions and each time the authors have further refined the code and added new capabilities to it.
According to the Check Point researchers, the main goals of the group behind the malware seem to be:
SEO poisoning - Create malware-dropping sites that rank high on Google Search results.
Ad clicking - Connect to remote sites in the background and click on non-viewable advertisements.
Social media account promotion - Direct traffic to specific content on social media platforms.
Online product promotion - Increase store rating by clicking on its advertisements.
As malware goes that's hardly the worst thing but it's still not something you want on your system. So be warned and be aware.
Used with permission from Article Aggregator