Electron Bot Malware on Microsoft App Store and Cuba Ransomware on Exchange Servers


A malware strain that can take over victims' social media accounts has been found spreading through the Microsoft Store, and reports say it has so far infected over 5,000 victims while disguised as fake Temple Run and Subway Surfer games.

The notable part of this campaign is that it is being distributed on the official app store of the Windows giant. The malware, dubbed Electron Bot, can take control of the victim's screen, steal login credentials, and interact with social media posts, including the photos and videos posted there.

Furthermore, the malicious software can drive victims into ad-click fraud and SEO poisoning, and it appears to include a backdoor that the operators can access remotely later, allowing infected machines to be repurposed as espionage tools.

The Check Point Research team, which discovered the malware, says most of its victims are in Bermuda, Bulgaria, Russia, Spain and Sweden, with further victims spread across more than 20 countries, large and small.

In other Microsoft-related news, hackers have been found deploying Cuba ransomware after exploiting vulnerabilities in Microsoft Exchange servers, which gives them an initial foothold in corporate networks. The reports do not name the specific Exchange flaws involved.

Security researchers from Mandiant were the first to detect and publicly report this file-encrypting campaign, and found that the ransomware has been in circulation since 2019, picking up pace through 2020 and 2021.

The gang behind Cuba ransomware has been observed compromising Exchange servers in India, the United States, Canada, Australia, Germany, Jordan, Poland and the United Kingdom, using not only the widely available Cobalt Strike post-exploitation framework but also custom tools such as Wedgecut, eck.exe, Bughatch and Burntcigar.

The Cuba ransomware operators are demanding $10m to decrypt the encrypted data, and have shown a willingness to negotiate the ransom down when the situation demands it.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security