
Extortionist sends DetoxCrypto operators screenshots of victim's computer

by sigismund » 2016-08-23 13:36:36


Presumably, the hackers set the ransom on the basis of information in the screenshots.


A researcher using the pseudonym MalwareHunterTeam has discovered a new kind of ransomware in two versions, one of which is able to take screenshots of the victim's computer screen and send them to the attackers' C&C server. The second is distributed under the guise of the Pokémon GO app, according to Bleeping Computer.

Both versions have the standard ransomware functionality. The malware encrypts files using the AES algorithm and is able to stop the MySQL and MSSQL services on the infected computer. Once on the system, both Trojans display a ransom notification while playing audio.

The researcher has so far been unable to identify how the malware spreads. According to him, both versions contain an executable file comprising several components. After the main file is started, it extracts the file MicrosoftHost.exe, an audio file, a background image and an executable file whose name depends on the version (Calipso.exe or Pokemon.exe).

MicrosoftHost.exe is used to encrypt content and stop the MySQL and MSSQL processes on the infected computer. The second executable file can display a notification, play an audio file and decrypt the encrypted content if the victim provides the correct password.

The main feature of the Calipso version is its ability to capture the screen and send the data to the criminals. The expert believes that the operators of the Trojan set the ransom amount based on information in the screenshot.