
New Extortion Software is Disguised as a Crypto-Currency Wallet

By Prempal Singh, January 25, 2018

Security researchers from Fortinet reported a new fraudulent scheme in which attackers tricked users into installing extortion software (ransomware) under the guise of a wallet for a fake cryptocurrency called SpriteCoin.

As the researchers found, once installed, the program encrypts files on the victim’s computer and demands a ransom of 0.3 Monero (about $100 at the time of writing). Notably, if the victim pays the ransom, additional malicious software is installed on the computer, capable of collecting data, analyzing images and activating the web camera.

When the user runs the executable that supposedly installs the cryptocurrency wallet, they are prompted to enter a password and wait for the program to load the block. In fact, during this time the malicious code runs its encryption routine, adding the .encrypted extension to the files. In addition, the encryptor steals data from the credential stores of the Chrome and Firefox browsers and sends it to a remote website.
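The two behaviours described above (bulk renaming to `.encrypted` and reads of the Chrome and Firefox credential stores by a non-browser process) can be looked for in file-activity telemetry. The following Python is an added example, not part of the original article or of Fortinet's report; the event format, process names, thresholds and credential-store file names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed events (not real telemetry): timestamp, process, operation, path.
# For RENAME the path is the new file name. Process names are hypothetical.
SAMPLE_EVENTS = r"""
2018-01-25T10:00:00 wallet_setup.exe READ C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data
2018-01-25T10:00:01 wallet_setup.exe READ C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json
2018-01-25T10:00:02 wallet_setup.exe RENAME C:\Users\a\Documents\budget.xlsx.encrypted
2018-01-25T10:00:03 wallet_setup.exe RENAME C:\Users\a\Documents\notes.txt.encrypted
2018-01-25T10:00:04 wallet_setup.exe RENAME C:\Users\a\Pictures\trip.jpg.encrypted
2018-01-25T10:00:05 chrome.exe READ C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data
2018-01-25T10:05:00 backup.exe RENAME C:\Users\a\Archive\old.zip.encrypted
"""

# Assumed credential-store file names for Chrome and Firefox profiles.
CRED_STORES = ("\\login data", "\\logins.json", "\\key4.db", "\\key3.db")
BROWSERS = {"chrome.exe", "firefox.exe"}


def detect(log_text, threshold=3, window=timedelta(seconds=10)):
    """Return {process: set of findings}; events must be in time order."""
    findings = defaultdict(set)
    recent = defaultdict(deque)  # process -> times of recent .encrypted renames
    for line in log_text.strip().splitlines():
        # Paths may contain spaces, so split off only the first three fields.
        ts, proc, op, path = line.split(maxsplit=3)
        when = datetime.fromisoformat(ts)
        proc, path = proc.lower(), path.lower()
        if op == "READ" and path.endswith(CRED_STORES) and proc not in BROWSERS:
            findings[proc].add("browser_credential_read")
        elif op == "RENAME" and path.endswith(".encrypted"):
            q = recent[proc]
            q.append(when)
            while when - q[0] > window:  # drop renames outside the window
                q.popleft()
            if len(q) >= threshold:
                findings[proc].add("mass_encrypted_rename")
    return dict(findings)


if __name__ == "__main__":
    for proc, hits in detect(SAMPLE_EVENTS).items():
        print(proc, sorted(hits))
```

A single `.encrypted` rename (the constructed `backup.exe` line) and a browser reading its own store are not flagged; only the process that combines a burst of renames with foreign credential-store reads is.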


Recall that the developers of the Opera browser have long paid attention to the problem of hidden mining, so they decided to protect users of PCs and smart devices from the actions of intruders.

At the end of the process, a ransom demand is displayed on the victim’s device. The message contains links to information about the Monero cryptocurrency, how to buy it and make a payment, and a warning that if the program is deleted, the files will remain encrypted forever.

According to the researchers, the relatively small ransom amount may indicate that the attackers’ aim is not so much to make money as to test a new method of delivering extortion software.
