New Cryptowall 3.0 variant comes with spyware
Posted by: Timothy Weaver on 03/23/2015 09:02 AM
The latest Cryptowall delivery campaign takes the form of spam messages impersonating a job seeker who is sending in a resume.
The new variant not only encrypts your files, but also attempts to steal information from your system's FTP clients, web browsers, email clients and even Bitcoin wallets.
If the victim opens the attachment, the file will connect to two URLs to download what seem to be two .JPG files. However, they are not images. They are actually executables. One is a Cryptowall 3.0 variant while the other is a Fareit Trojan variant (an info stealer).
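The download trick described above (executables served under a .JPG name) can be caught by comparing a file's extension with its leading bytes. The following Python sketch is an added example, not part of the original article or of any vendor's tooling; the file names and sample bytes are constructed for illustration.

```python
import os
import struct

# Leading "magic" bytes expected for common image extensions.
IMAGE_MAGICS = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify(name: str, data: bytes) -> str:
    """Compare the claimed image extension with the actual content."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in IMAGE_MAGICS:
        return "not-checked"          # only image extensions are in scope
    if is_pe(data):
        return "executable-as-image"  # the case described in the article
    if not data.startswith(IMAGE_MAGICS[ext]):
        return "magic-mismatch"       # not a PE, but not the claimed format
    return "ok"

def scan(files: dict) -> dict:
    """Map each file name to its verdict."""
    return {name: classify(name, data) for name, data in files.items()}

def _fake_pe() -> bytes:
    """Constructed minimal header: 'MZ', e_lfanew=0x40, then 'PE\\0\\0'."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\0\0" + b"\0" * 20

# Constructed sample inputs (not real malware or real indicators).
SAMPLES = {
    "resume_photo.jpg": _fake_pe(),
    "logo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,
    "notes.jpg": b"plain text, wrong extension",
    "setup.exe": _fake_pe(),
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name}: {verdict}")
```

The same check can be applied to response bodies captured at a web proxy, where a file requested with an image extension should never begin with an executable header.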
Trend Micro researchers note that: "Perhaps people are refusing to pay the ransom or they have become more savvy in protecting their files." If the hackers can't get the ransom, they can at least sell any info they have stolen using the spyware.
The ransom demand is 500 euros or US dollars for the decryption key.
Obviously, this new variant is targeting companies rather than individuals.
Source: NetSecurity