New Malware Maximizes Attackers' Profits

27 Jul
Company, Industry, News

New Russian-born malware chooses whether a user should be attacked with ransomware or a crypto-mining script.

Historically, ransomware attacks have strictly infected computers with ransomware, while crypto attacks have loaded victims' CPUs with crypto-mining scripts. However, hackers have found a way to merge the two attacks, ensuring the highest payment possible. The Rakhni Trojan gives hackers the opportunity to infect victims with either ransomware or a cryptomining script, by allowing the virus to choose whichever will increase rewards.

The malware is spread through official-looking emails, where the user is prompted to download fake financial documents. Once the victim downloads the document and enables editing, a malicious script runs in the background. After the quick execution, the downloaded file shows an error message, probably to shake victims off the hoax document. Furthermore, the attackers made the malware look like an Adobe product, further throwing victims off the scent.

Yet the real genius of the attack comes once the malware is fully downloaded. The malware scans your computer for a Bitcoin data folder (%AppData%/Bitcoin); if it is found, the malware downloads the ransomware. If it isn't, the malware decides to download the mining process instead.

It isn't done yet: if the malware finds that the computer has enough logical processors (more than 2) and a Bitcoin wallet, it will still download a cryptominer. In this case, the malware realizes that the infected device has great mining potential and thus greater profit potential. Moreover, if a device has inadequate processing power and no Bitcoin wallet, the malware turns into a worm and infects all other devices on the local network.
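To make the payload-selection logic described above concrete from a responder's side, here is an added example (not code from the article, Kaspersky or Threat Post) that encodes the host checks the article attributes to Rakhni and groups a constructed endpoint inventory by the branch the malware would take, so a hunt team knows which artifacts to look for on which machines. The ordering of the checks, the `Host` fields and the hunt hints are this example's assumptions.

```python
from dataclasses import dataclass


@dataclass
class Host:
    """Host attributes the article says Rakhni inspects (assumed field names)."""
    name: str
    has_bitcoin_folder: bool   # %AppData%/Bitcoin data folder present
    logical_processors: int


# What a responder would look for on each branch; assumed mapping, not from the article.
HUNT_HINTS = {
    "ransomware": "encrypted user files and a ransom note",
    "miner": "sustained CPU use by an unexpected process",
    "worm": "unexpected connections from this host to peers on the local network",
}


def predict_branch(host: Host) -> str:
    """Return the payload the article says Rakhni would choose for this host.

    Check order is this example's reading of the article: more than two logical
    processors means a cryptominer regardless of the wallet folder; otherwise a
    wallet folder means ransomware, and no wallet folder means the malware
    falls back to spreading as a worm.
    """
    if host.logical_processors > 2:
        return "miner"
    if host.has_bitcoin_folder:
        return "ransomware"
    return "worm"


def triage(inventory):
    """Group host names by predicted branch so each gets the matching hunt hint."""
    report = {"ransomware": [], "miner": [], "worm": []}
    for host in inventory:
        report[predict_branch(host)].append(host.name)
    return report


# Constructed sample inventory, not real telemetry.
SAMPLE_INVENTORY = [
    Host("fin-ws-01", True, 2),
    Host("dev-ws-07", True, 8),
    Host("kiosk-03", False, 2),
    Host("build-01", False, 16),
]

if __name__ == "__main__":
    for branch, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{branch:<10} {', '.join(hosts) or '-'}  -> hunt for: {HUNT_HINTS[branch]}")
```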

If a victim becomes infected with the ransomware, their files are automatically encrypted, and Orkhan Mamedov, a researcher with Kaspersky Lab, says, “the ransom note warns the victim that using third-party decryptors can corrupt files and even the original decryptor would not be able to decrypt them,” he told Threat Post. “The last sentence of the ransom note informs the victim that all requests will be processed by an automatic system.”


Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions, want to learn more about our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.


Source: Threat Post