Hjem » Nyheder » Trojan Varenyky spioner på pornosider brugere

Trojan Varenyky spioner på pornosider brugere

ESET experts warned that since May 2019, Franske brugere er blevet angrebet af Windows malware Varenyky, som ikke kun sender spam fra inficerede maskiner, men også registrerer alt hvad der sker på ofrene’ computere, når de besøger pornosider - Varenyky spioner på pornosider brugere.

Varenyky spreads according to the classical schemethrough malicious emails that supposedly contain some important invoices. Faktisk, of course, there is no accounts in investments, and malware penetrates usersmachines in this way.

The main goal of Varenyky is to send spam that targets French users (mainly aimed at the clients of the Internet provider Orange SA).

“This spambot is not very advanced, but the context and story around it make it interesting. Many functions have been added and then quickly removed across many different versions in a short period of time (two months). This shows that the operators are actively working on their botnet and are inclined to experiment with new features that could bring a better monetization of their work”, — report in ESET.

Som regel, malware spread by links to suspicious promotions that supposedly allow winning expensive smartphones. To participate in such adrawthe user, of course, needs to enter a lot of personal data, including name, address, city, email address, phone number and bank card information.

Imidlertid, in late July, Varenyky began to send out other messages related tosextortion.

Bemærk: The term sextortion derived from the words “sex” and “extortion” and is used to indicate such activity.

In such messages, Varenyky operators claim that they infected userscomputers while visiting adult sites, recorded everything on video and now demand a ransom. Interessant, these statements are only partially false.

LÆS  JS/CoinMiner virus. What is JS/CoinMiner?

The fact is that Varenyky, of course, does not follow random recipients of spam emails, but really has a hidden function that looks through the window titles and looks for words related to pornography, for eksempel, the Frenchsexe”. Derefter, using the FFmpeg bibliotek, the malware records everything that happens on the user’s screen. Det er, this function should work when a user visits adult sites. The video recorded in this way is transmitted to the control server of the malware, located on the Tor network.

Message of Varenyki Trojan
Message of Varenyki Trojan

What then the malware operators do with the received video is unknown. ESET analysts note that as Varenyky is under development, malware now has new features, and old ones are deleted. Because of this, it is difficult to understand why Varenyky’s operators collect such videos (allegedly virus writers can do this for fun or simply of curiosity).

Læs også: The new version of the banking Trojan TrickBot “kicks off” Windows Defender

It is also possible that in the future, attackers plan to blackmail Varenyky victims with recorded videos, extorting money from them. The fact is that Varenyky operators can easily associate recordings with the real identities of users. At gøre dette, the malware has another hidden function that extracts usernames and passwords from browsers and email clients. All this data is also transmitted to the management server.

And if Varenyky developers ever decide to ransom money from users, they will know exactly where and to whom to send a compromising record about a visit to a porn site.

[i alt: 0    Gennemsnit: 0/5]

Om Trojan Killer

Carry Trojan Killer Portable på din memory stick. Vær sikker på, at du er i stand til at hjælpe din pc modstå eventuelle cyber trusler, hvor du går.

Tjek også

Smominru botnet Hurtigt Spreads hurtigt

Smominru botnet hurtigt spreder og den fine kombination da løbet 90 tusinde computere hver måned

Cryptocurrency minedrift og identitetstyveri botnet Smominru (også kendt som Ismo) began to spread incredibly

TFlower ransomware bruger RDP

Forskere siger om stigende aktivitet TFlower, en anden ransomware der bruger RDP

Ifølge bleeping Computer, aktiviteten af ​​TFlower, en ransomware der bruger RDP og er …

Skriv et svar