“Charitable Trojan” – CryptMix ransomware demands money for child assistance
The extortionists use a new method of psychological pressure to force victims to pay the ransom.
Ransomware has recently grown increasingly popular among cyber criminals, and a new file-encrypting Trojan shows up almost every week. While some use ransomware to enrich themselves at the expense of innocent victims, others claim to collect money for charity.
Heimdal Security experts have found a new file-encrypting Trojan, CryptMix, whose distributors promise to deliver the ransom to a children’s charity. However, it is not specified how the extortionists intend to transfer the money raised to the children. Most likely, the grand pronouncements are merely a method of psychological pressure on victims.
«Your money will be transferred to the children’s charity, which means you can also participate in the process. Many children will get presents and medical care! We believe that you are a kind and honest person! Thank you so much! We wish you all the best! Your name will be on the main list of benefactors and will remain in the history of charity forever! », states the message displayed on the screen of an infected PC.
CryptMix is distributed through phishing e-mails and drive-by attacks. After encrypting files on the victim’s system, the ransomware demands a ransom of 5 bitcoins (about $2200) for their recovery, an unusually large sum for a file-encrypting Trojan. The malware is built on open-source code and is essentially a variant of CryptoWall 4 with features borrowed from CryptXXX. The authors of the malware also fixed the flaw that had allowed Kaspersky Lab to build a tool for recovering files encrypted by CryptXXX.
Android devices under threat again
A five-year-old vulnerability puts millions of Android device users at risk of a data breach. Exploiting the flaw allows attackers to escalate privileges on the system and gain access to device data.
Researchers from FireEye’s Mandiant Red Team have disclosed the details of CVE-2016-2060, a vulnerability affecting hundreds of models of Android devices based on Qualcomm chipsets.
Exploiting this flaw allows attackers to escalate system privileges and gain access to the Internet, SMS messages, call logs, etc. Google Nexus devices are not affected by the problem.
The most vulnerable devices are those running Android Lollipop (5.0), KitKat (4.4), Jelly Bean MR2 (4.3) and Ice Cream Sandwich MR1 (4.0.3). Although Qualcomm released a patch in March this year, Android devices remain at risk until manufacturers ship the corresponding update for their products.
The problem lies in the Qualcomm tethering controller and is caused by an error in a Qualcomm API. According to the researchers, the vulnerability has existed since 2011. Because the vulnerable Qualcomm software is used in various projects, including CyanogenMod (an Android fork), it is not possible to determine the exact number of vulnerable devices.
There are two ways to exploit the flaw successfully. The first requires physical access to the vulnerable device; the second uses malware that the victim must download and launch on the gadget. Such a program would not be flagged by anti-virus products as malicious, because it only requires a permission that is commonly requested and granted by default to millions of applications. Moreover, according to the experts, such an application would most likely pass all of the Google Play Store’s checks.
Recall that this week Google released a set of updates fixing 40 vulnerabilities in Android OS.