Hjem » Nyheter » Trojan varenyky spioner på pornosider brukere

Trojan varenyky spioner på pornosider brukere

ESET experts warned that since May 2019, French users have been attacked by Windows malware Varenyky, which not only sends spam from infected machines, but also records everything that happens on victimscomputers when they visit porn sites — Varenyky spies on porn sites users.

Varenyky spreads according to the classical schemethrough malicious emails that supposedly contain some important invoices. Faktisk, of course, there is no accounts in investments, and malware penetrates usersmachines in this way.

The main goal of Varenyky is to send spam that targets French users (mainly aimed at the clients of the Internet provider Orange SA).

“This spambot is not very advanced, but the context and story around it make it interesting. Many functions have been added and then quickly removed across many different versions in a short period of time (two months). This shows that the operators are actively working on their botnet and are inclined to experiment with new features that could bring a better monetization of their work”, — report in ESET.

Som en regel, malware spread by links to suspicious promotions that supposedly allow winning expensive smartphones. To participate in such adrawthe user, of course, needs to enter a lot of personal data, including name, address, city, email address, phone number and bank card information.

derimot, in late July, Varenyky began to send out other messages related tosextortion.

Merk: The term sextortion derived from the words “sex” and “extortion” and is used to indicate such activity.

In such messages, Varenyky operators claim that they infected userscomputers while visiting adult sites, recorded everything on video and now demand a ransom. Interessant, these statements are only partially false.

LESE  Virus Check.exe Trojan kommer tilbake

The fact is that Varenyky, of course, does not follow random recipients of spam emails, but really has a hidden function that looks through the window titles and looks for words related to pornography, for eksempel, the Frenchsexe”. Deretter, using the FFmpeg bibliotek, the malware records everything that happens on the user’s screen. Det er, this function should work when a user visits adult sites. The video recorded in this way is transmitted to the control server of the malware, located on the Tor network.

Message of Varenyki Trojan
Message of Varenyki Trojan

What then the malware operators do with the received video is unknown. ESET analysts note that as Varenyky is under development, malware now has new features, and old ones are deleted. På grunn av dette, it is difficult to understand why Varenyky’s operators collect such videos (allegedly virus writers can do this for fun or simply of curiosity).

Les også: The new version of the banking Trojan TrickBot “kicks off” Windows Defender

It is also possible that in the future, attackers plan to blackmail Varenyky victims with recorded videos, extorting money from them. The fact is that Varenyky operators can easily associate recordings with the real identities of users. Å gjøre dette, the malware has another hidden function that extracts usernames and passwords from browsers and email clients. All this data is also transmitted to the management server.

And if Varenyky developers ever decide to ransom money from users, they will know exactly where and to whom to send a compromising record about a visit to a porn site.

[Totalt:0    Gjennomsnitt:0/5]

Om Trojan Killer

Carry Trojan Killer Portable på minnepinne. Vær sikker på at du er i stand til å hjelpe din PC motstå eventuelle cyber trusler uansett hvor du går.

Sjekk også

Smominru Botnet sprer seg raskt raskt

Smominru botnet sprer seg raskt og hacks løpet 90 tusen datamaskiner hver måned

Kryptovaluta gruvedrift og identitetstyveri botnet Smominru (også kjent som Ismo) begynte å spre seg utrolig …

TFlower ransomware bruker RDP

Forskere sier om økende aktivitet TFlower, en annen ransomware som bruker RDP

Ifølge piper Computer, aktiviteten av TFlower, en ransomware som bruker RDP og er …

Legg igjen et svar