A new ransomware variant called ‘Coronavirus’ is distributed through a bogus website Wisecleaner.best , pretending as if it is recommending device optimization software. With the panic around the coronavirus outbreak becoming worse everyday, a hacker has specially packaged two malware and distributed this using this fake website.
First discovered by MalwareHunterteam, this coronavirus ransomware was studied and analyzed to have inherited wiper like characters as well. Attackers have created the Wisecleaner site, which looks exactly like the Windows system utility site Wisecleaner.com (another example of Phishing scam) and contains a file named WSHSetup.exe which will trigger the download of the coronavirus ransomware and info-stealer malware Kpot. Once the execution begins, two different files are downloaded, the file1.exe which downloads the Kpot info-stealer and the file2.exe that downloads the coronavirus ransomware.
Kpot can steal passwords from browsers, messaging applications, VPNs, gaming accounts like Stream and also steal cookies. It can also fetch information from FTP communication and other login credentials. Kpot has some extra perks that hackers can utilize, like sharing screenshots of the infected computer and getting away with cryptocurrencies from the victim computers.
Like any other ransomware, this one encrypts 50 different formats of files in users machines and renames it with ‘coronaVi2022@protonmail.ch___1.jpg’ and in some cases it sends the email in loops to name the files. After encrypting the files, the coronavirus ransomware asks for 0.008 bitcoin as the ransom which is approximately $50. And to spice things up it also renames the C: drive as a coronavirus.
Other ransomware’s primary intentions were to encrypt files and ask for ransom, once paid hackers would share the encryption key or they may not. On the contrary, this ransomware is found to retain wiper attributes meaning it can delete the encrypted files anytime and also the ransomware comes with a info-stealer malware which may sustain in the infected computer making it look tiny compared to the Coronavirus encryption. However, this Kpot malware can steal cookies, login credentials, and more for long time, it can totally spy on the users using its spyware kinda attributes making the threat critical comparatively. Last month we did discuss about another info-stealing malware called ‘Raccon‘ which stole data from 60 different applications.
Users are advised to stay aware of this bogus Wisecleaner website and for those who have been infected by this strain please ensure your have updated your credentials from a different system before it is too late. While most of the ransomware exploits a vulnerability in a system or network this strain is none of that type, hacker crafts a website and distributes the malware so anyone can become a victim to this threat, thus stay alert.
Subscribe to ‘The Cybersecurity Times’, for daily alerts on cyber events. You can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.
Explore efficiency with the Top 5 Best Project Management Software – streamline tasks, boost collaboration,…
Explore the top 5 best free antivirus apps for Android smartphones – your essential defense…
Unlocking India's DPDP Act: Your Guide to Rights, Responsibilities, and Top 5 Tools for 2024.…
Uncover insights on advanced features, performance, and user experiences. Discover the top 5 best Data…
Unlock efficient Windows Server patching with insights on top tools and vendors. Streamline your cybersecurity…
Software deployment is the process of rolling out an application, which could occur manually or…