
Varenyky Trojan spies on porn site users

ESET experts warned that since May 2019, French users have been attacked by the Windows malware Varenyky, which not only sends spam from infected machines but also records everything that happens on victims' computers when they visit porn sites.

Varenyky spreads according to the classical scheme: through malicious emails that supposedly contain some important invoices. In fact, of course, there are no invoices in the attachments, and this is how the malware gets onto users' machines.

The main goal of Varenyky is to send spam that targets French users (mainly aimed at the clients of the Internet provider Orange SA).

“This spambot is not very advanced, but the context and story around it make it interesting. Many functions have been added and then quickly removed across many different versions in a short period of time (two months). This shows that the operators are actively working on their botnet and are inclined to experiment with new features that could bring a better monetization of their work”, ESET reports.

As a rule, the malware spreads links to suspicious promotions that supposedly let the user win expensive smartphones. To participate in such a “draw”, the user, of course, needs to enter a lot of personal data, including name, address, city, email address, phone number and bank card information.

However, in late July, Varenyky began to send out other messages related to “sextortion”.

Note: The term sextortion is derived from the words “sex” and “extortion” and is used to indicate such activity.

In such messages, Varenyky operators claim that they infected users' computers while the users were visiting adult sites, recorded everything on video, and now demand a ransom. Interestingly, these statements are only partially false.


The fact is that Varenyky, of course, does not spy on random recipients of spam emails, but it really does have a hidden function that looks through window titles for words related to pornography, for example, the French “sexe”. Then, using the FFmpeg library, the malware records everything that happens on the user's screen. That is, this function should work when a user visits adult sites. The video recorded in this way is transmitted to the malware's control server, located on the Tor network.

Message of the Varenyky Trojan

What the malware operators then do with the received video is unknown. ESET analysts note that because Varenyky is under development, new features are being added and old ones removed. Therefore, it is difficult to understand why Varenyky's operators collect such videos (allegedly, the virus writers may be doing this for fun or simply out of curiosity).


It is also possible that in the future, attackers plan to blackmail Varenyky victims with recorded videos, extorting money from them. The fact is that Varenyky operators can easily associate recordings with the real identities of users. To do this, the malware has another hidden function that extracts usernames and passwords from browsers and email clients. All this data is also transmitted to the management server.

And if Varenyky developers ever decide to extort money from users, they will know exactly where and to whom to send a compromising recording of a visit to a porn site.
