
New malware mimics Windows scanner to infect PCs with ransomware


Currently, there are more than 800 million Windows 10 users across the globe, while vast numbers of users are still on Windows 7. These stats may not come as a surprise, but they do make Windows users a lucrative target for cybercriminals.
On October 3rd, 2019, a trojan horse was discovered which pretends to be a security scanner from Microsoft but is in reality anything but. A cybersecurity researcher named Xavier Mertens first posted a screenshot of the email he received from the scammers prompting him to download the malware:
Phishing email (Screenshot: Xavier Mertens)
To start with, it can clearly be seen that the sender’s email address has not even been spoofed to lend the message an air of authenticity. This blunder alone should be enough for most people to realize that it is not a legitimate email, but for the sake of exploration, we’ll continue.
Upon downloading, we are presented with a WSS.zip archive which contains the executable of the fake scanner. Once it is run, a ransomware warning appears a few moments later, unfolding the entire scheme:
It’s not surprising that Bitcoin is their preferred currency but given some astonishing revelations surrounding its anonymity, Monero or Zcash certainly might have been a better choice.
Upon inspecting the SHA256 of the archive with an online tool like VirusTotal, we are presented with the different categories and names under which it has been detected by various anti-virus software.
Regardless, after the tool has done its job, users will find every file of the following types under the Users folder on the C drive encrypted and bearing the “.Lost_Files_Encrypt” extension:
“.xxx .sdf .txt .doc .docx .xls .pdf .zip .rar .css .xlsx .ppt .pptx .odt .jpg .bmp .png .csv .sql .mdb .php .asp .aspx .html .xml .psd .bat .mp3 .mp4 .wav .wma .avi .mkv .mpeg .wmv .mov .jpeg .ogg .TXT .DOC .DOCX .XLS .PDF .ZIP .RAR .CSS .XLSX .PPT .PPTX .ODT .JPG .BMP .CSV .SQL .MDB .PHP .ASP .ASPX .HTML .XML .PSD .BAT .MP3 .MP4 .WAV .WMA .AVI .MKV .MPEG .WMV .MOV .OGG and .JPEG.”
Microsoft Pretender Scanner
Image credit: Bleeping Computer
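As an added triage example (not code from the article or from any of the researchers it cites), the following Python script walks a directory tree, collects every file carrying the “.Lost_Files_Encrypt” suffix, and groups the hits by their original extension so an incident responder can size the damage and spot files outside the reported target list. It assumes the suffix is simply appended to the full original file name (e.g. report.pdf becomes report.pdf.Lost_Files_Encrypt), which the article does not state explicitly, and it runs against a constructed sample tree rather than a real victim machine.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension list exactly as reported in the article (matched case-sensitively).
REPORTED_EXTENSIONS = set("""
.xxx .sdf .txt .doc .docx .xls .pdf .zip .rar .css .xlsx .ppt .pptx .odt .jpg
.bmp .png .csv .sql .mdb .php .asp .aspx .html .xml .psd .bat .mp3 .mp4 .wav
.wma .avi .mkv .mpeg .wmv .mov .jpeg .ogg .TXT .DOC .DOCX .XLS .PDF .ZIP .RAR
.CSS .XLSX .PPT .PPTX .ODT .JPG .BMP .CSV .SQL .MDB .PHP .ASP .ASPX .HTML .XML
.PSD .BAT .MP3 .MP4 .WAV .WMA .AVI .MKV .MPEG .WMV .MOV .OGG .JPEG
""".split())
RANSOM_SUFFIX = ".Lost_Files_Encrypt"


def find_encrypted_files(root):
    """Walk `root` and return every path that carries the ransomware suffix."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, n) for n in files
                    if n.endswith(RANSOM_SUFFIX))
    return hits


def summarize(paths):
    """Group encrypted files by their original extension.

    Assumption (not stated in the article): the suffix is appended to the
    full original name, e.g. report.pdf -> report.pdf.Lost_Files_Encrypt.
    Returns (Counter of original extensions, paths whose original type is
    not on the reported list and therefore deserve a closer look).
    """
    by_ext, off_list = Counter(), []
    for p in paths:
        original = Path(p).name[:-len(RANSOM_SUFFIX)]
        ext = Path(original).suffix          # keeps case, e.g. ".PDF"
        by_ext[ext] += 1
        if ext not in REPORTED_EXTENSIONS:
            off_list.append(p)
    return by_ext, off_list


def demo():
    """Triage a constructed sample tree (empty placeholder files, not real data)."""
    root = os.path.join(tempfile.mkdtemp(), "Users", "alice", "Documents")
    os.makedirs(root)
    for name in ("report.pdf" + RANSOM_SUFFIX, "notes.TXT" + RANSOM_SUFFIX,
                 "photo.PNG" + RANSOM_SUFFIX, "untouched.docx"):
        open(os.path.join(root, name), "w").close()
    return summarize(find_encrypted_files(root))
```

Note that “.PNG” is flagged as off-list because the reported list carries “.png” only in lower case; whether the malware really matches case-sensitively is something the responder should confirm on the affected host.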
To conclude, this ransomware is no different from others. In fact, it is much easier to spot at first sight than many of the others out there, but the fact that users get compromised despite that says a lot about the lack of awareness surrounding cybersecurity. This is best summed up by a quote from Elliot in the famed Mr. Robot,
