Fiesta malware delivers ransomware
Posted by: Timothy Weaver on 05/06/2015 08:21 AM
Torrent site SubTorrents, which is popular in Spain and Latin America, is infecting users with a trojan.
In this case, the site uses the Fiesta Exploit Kit to redirect victims to the malicious payload.
Jerome Segura, senior security researcher at Malwarebytes Labs, said: “Downloading illegal torrents is dangerous business. On top of fake files that waste your time and bandwidth, users have to navigate through a sea of misleading ads and pop-ups.”
The site itself has been compromised and serves a well-hidden iframe.
“The author had some fun trying to make things a little more complicated,” Segura said. “Rather than directly inserting a malicious iframe to the exploit kit landing, they chose to build it on the fly by retrieving the content from an external .js.”
The payload, which looks like the Kovter ransomware, locks the phone or PC and then displays a message saying the user has broken the law and will need to pay a fine to unlock the device.
Segura went on to add: “[Torrent] visitors may end up saving a few bucks off that latest movie but could also risk a lot more, like getting a nasty malware infection. Ransomware being so prevalent these days could mean that all of a user’s files, including those movies and songs, could be encrypted and held for ransom.”
Source: InfoSecurity