It’s a form of what is known as social engineering. Criminals will use a slightly misspelled word from a name of a popular product or even an exact copy of a logo or product name, in the hope to fool users into installing a malicious piece of software or virus onto their own system. The most prevalent and dangerous form of malware in 2016 is definitely ransomware, which encrypts files on whatever system gets infected and then demands a ransom, usually in Bitcoin, to “unlock” the files on the server or workstation.
A non-functional but potentially dangerous variant of the DetoxCrypto cryptomalware, which was itself just detected a month ago, has been seen “in the wild”. Experts are warning this could be new RaaS (Ransomware as a Service) gearing up for mass distribution over the Dark Web. RaaS enables even non-technical savvy criminals to access sophisticated infection and ransomware tools on a referral basis.
This new version uses the logo and a slightly misspelled name of Malwarebytes, a popular and effective anit-malware tool. If you look closely you will see it is spelled ‘Malwerbytes” and the logo is nearly identical. While this new version is not operating yet it could be appearing in a malicious form soon.
Other new ransomware variants include one dubbed doxware. It combines the nastiness of ransomware, holding your files hostage until you pay up, with “doxing”, which is an old favorite hacker technique of publishing a victim’s name, address, phone number, family members and other personal information online. In this new attack a screen alerts the victim that computer files have been encrypted with a ticking clock for paying the ransom. It adds thr warning that all login information, contacts and Skype history have been uploaded onto a server and promises to send that information to each of the victim’s contacts if they do not pay up.
It also looks automatically for any file with specific keywords like “nude” or “resume” in an attempt to find damaging information to share.
The best defense against any ransomware attack is to always be careful about opening email attachments. Make sure you know and trust the sender. Make sure the email makes sense and is not a random request from an even commonly known sender.
Recently we have seen a rash of spoofed emails that appear to be from FedEx or another delivery company referring to a missed delivery of a package. It instructs the victim to download and print a shipping label, which is in fact an automated script that releases and runs the crypto malware that locks the user’s files. Beware and avoid!