
ElGato ransomware attacks Android devices, locks the SD card and steals SMS


by seo_worker » 2016-08-11 12:45:14



Ransomware is a real trend in the cybercrime scene, and desktop users are not the only ones who suffer from such attacks. McAfee specialists found the ElGato ransomware, which targets Android devices. Oddly enough, it is neither an ordinary screen locker nor scareware that merely intimidates users. ElGato is a full-fledged file encryptor that is also capable of stealing victims' personal information.

The researchers report that the malware has good potential for building a botnet, and that its command-and-control servers run on a legitimate cloud hosting provider. ElGato communicates with the C&C server over HTTP without any encryption, so all commands and data are transmitted in the clear.

The malware's listed capabilities include redirecting and deleting the victim's SMS messages, sending messages from the infected device, and encrypting files on the SD card or files in specific directories. After encryption, the malware changes the file extensions to .enc.

For decryption, the malware operators can, of course, demand a ransom by locking the device's screen with an extortion message. After the victim pays, the malware also takes on the role of decryptor. However, the experts write that for now ElGato does not display a ransom note or ask for money; instead, the device's screen is locked with a meaningless picture of a cat. El Gato is "cat" in Spanish.

Because the malware communicates with the control server over HTTP, the researchers were able to track down the attackers' C&C server and were surprised to find there a control panel that was not password protected (and in Russian, at that).



Quote: "This variant of the ransomware is similar to a demo version that cybercriminals use for commercialization, since the control server's interface is not protected and the code includes phrases like MyDificultPassw," McAfee experts reported. "McAfee Labs has already informed the owners of the compromised servers and asked them to stop the malicious activity."
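For defenders, the `.enc` rename described in the post can be turned into a quick triage pass over a copy of the SD card. This is an added example, not code from the post or from McAfee. It assumes the card contents have been copied or mounted to a local path; the entropy threshold and per-directory ratio are assumed values, and the check treats encrypted output as near-random data, which the post does not state.

```python
import math
import os
from collections import Counter

ENC_SUFFIX = ".enc"        # extension the post says encrypted files receive
ENTROPY_THRESHOLD = 7.5    # assumed cut-off, in bits per byte
SAMPLE_BYTES = 64 * 1024   # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(root: str, min_ratio: float = 0.5) -> dict:
    """Return {directory: [suspect files]} for directories in which at least
    min_ratio of the files are high-entropy .enc files."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        suspects = []
        for name in files:
            if not name.lower().endswith(ENC_SUFFIX):
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            # A legitimate low-entropy .enc file is not counted as a suspect.
            if shannon_entropy(head) >= ENTROPY_THRESHOLD:
                suspects.append(name)
        if suspects and len(suspects) / len(files) >= min_ratio:
            flagged[dirpath] = sorted(suspects)
    return flagged


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for directory, names in triage(target).items():
        print(f"{directory}: {len(names)} suspect file(s): {', '.join(names)}")
```

Files of only a few hundred bytes cannot reach the threshold however random they are, so very small encrypted files will be missed by the entropy check.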