A new strain of malware called Electron Bot, has already infected more than 5,000 machines worldwide. Once it takes over a victim's system, it can control their social media accounts on services such as Facebook and SoundCloud.
It is capable of registering new accounts, log in with your credentials, share posts, and even comment on and like other posts.
Check Point Research, the research firm that discovered the malware, found it was being actively distributed through Microsoft's official app Store, where it masquerades as popular games like Temple Run or Subway Surfer.
Once downloaded on to a user's system, the malware begins a SEO poisoning routine, a method where threat actors create fake websites and use search engine optimisation tactics to rank them high in search results online.
It also functions as an "ad-clicker" an automatic process where it will constantly generate clicks on remote websites to increase ad revenue. Since it can take control of social media accounts, it can promote fake apps and websites through them as well.
Check Point Research says that the bot can, "imitate human browsing behavior and evade website protections".
“It then executes several actions including downloading and installing the malware and gaining persistency on the startup folder.”Check Point Research has reported all its findings to Microsoft, who are investigating the issue.