It might seem that such attacks are well studied and their consequences neutralized by now. However, Trend Micro recently discovered new samples of the Dharma ransomware, and the malware has acquired new tactics.
The attack begins with an email that appears to come, for example, from Microsoft.
According to the message, the user's computer is allegedly under threat and antivirus software must be installed immediately. To do so, the user has to download the offered file. This file usually contains the extortionists' software along with the legitimate and well-known ESET AV Remover, a tool from ESET for removing installed antivirus software from a computer.
Regardless of whether the user completes the installation of AV Remover, the ransomware encrypts files of all types in the background. In the end, the user has to pay to have the files decrypted.
“Cybercriminals have a history of abusing authentic tools. And this recent practice of exploiting an installer as a distraction is one more method they are experimenting with,” says Rafael Senteno of antivirus company Trend Micro.
ESET was informed that its product was being exploited to distribute the Dharma ransomware, and its representatives found it necessary to respond:
“The case describes the well-known practice for malware to be bundled with legitimate application(s). In the specific case Trend Micro is documenting, an official and unmodified ESET AV Remover was used. However, any other application could be used this way. The main reason is to distract the user, this application is used as a decoy application. ESET threat detection engineers have seen several cases of ransomware packed in self-extract package together with some clean files or hack/keygen/crack recently. So this is nothing new.”
Trend Micro gives recommendations on protecting against similar attacks.
Source: https://blog.trendmicro.com