DARKReading: Fake Google Software Updates Spread New Ransomware

jim bell jdb10987 at yahoo.com
Tue Jul 12 23:09:57 PDT 2022


DARKReading: Fake Google Software Updates Spread New Ransomware.
https://www.darkreading.com/attacks-breaches/attacker-using-fake-google-software-update-to-distribute-new-ransomware

Fake Google Software Updates Spread New Ransomware
"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say.
Jai Vijayan, Contributing Writer, Dark Reading
July 11, 2022
actors are increasingly using fake Microsoft and Google software updates to try to sneak malware on target systems.
The latest example is "HavanaCrypt," a new ransomware tool that researchers from Trend Micro recently discovered in the wild disguised as a Google Software Update application. The malware's command-and-control (C2) server is hosted on a Microsoft Web hosting IP address, which is somewhat uncommon for ransomware, according to Trend Micro.
Also notable, according to the researchers, is HavanaCrypt's many techniques for checking if it is running in a virtual environment; the malware's use of code from open source key manager KeePass Password Safe during encryption; and its use of a .Net function called "QueueUserWorkItem" to speed up encryption. Trend Micro notes that the malware is likely a work-in-progress because it does not drop a ransom note on infected systems.