Rakhni Trojan may choose a mining or an encryption program when it infects a victim – ClubIT & C




Kaspersky Lab's products have detected new samples from the Rakhni ransomware Trojan family. The main feature of this malware is that it can choose how it infects its victims: either with an encryption program (a cryptor) or with a mining program. According to the company's researchers, the malware mainly targets companies and is spread mainly in Russia (95.57%). It has also been detected in Kazakhstan (1.36%), Ukraine (0.57%), Germany (0.49%) and India (0.41%). In the past year alone, more than 8,000 attacks by Trojan-Downloader.Win32.Rakhni have been detected.

The malware is distributed via spam emails with attachments that carry an infected executable. When the attachment is opened, the executable is launched, and at this point the Trojan decides how it will infect the victim's PC. It checks for the existence of an %AppData%\Bitcoin directory, which would indicate the presence of a Bitcoin wallet. According to the Kaspersky Lab researchers, this leads to the assumption that such a victim is likely to pay to recover their files, so the Trojan installs the cryptor, which, in theory, guarantees the attacker a quick profit. In the other scenario, the criminals try to "earn" the victim's money without the victim noticing, by installing a mining program, provided the CPU has sufficient capacity for such resource-intensive work.

It is also interesting to note that the Trojan can decide to install neither the cryptor nor the miner on the infected device. Even then the victim does not escape unscathed, because the network-worm component is launched: the Trojan tries to copy itself to all computers reachable on the victim's local network.
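The payload-selection logic described above is worth writing down as a small model, because it tells an incident responder what to look for on a given host (encrypted files, an unwanted miner, or only lateral-movement activity). The following is an added illustration written for this page, not Kaspersky's or the malware's own code. It takes from the article only the order of the checks (wallet directory first, CPU capacity second, worm component otherwise); the exact CPU threshold (more than two logical processors) and the host names in the sample fleet are assumptions made here so the example runs.

```python
r"""Model of the Rakhni payload-selection logic described in the article.

Added illustration, not Kaspersky's or the malware's code. The facts taken
from the article: presence of %AppData%\Bitcoin selects the cryptor, a
sufficiently capable CPU selects the miner, otherwise only the network-worm
component runs. The numeric CPU threshold is an assumption made here.
"""
import os
from dataclasses import dataclass

# ASSUMPTION: the article only says the CPU needs "sufficient capacity";
# this model treats three or more logical processors as sufficient.
MINER_MIN_LOGICAL_CPUS = 3

CRYPTOR, MINER, WORM_ONLY = "cryptor", "miner", "worm-only"


@dataclass(frozen=True)
class HostProfile:
    """The two host properties the article says the downloader inspects."""
    has_bitcoin_appdata_dir: bool   # is %AppData%\Bitcoin present?
    logical_cpus: int


def predict_payload(host: HostProfile) -> str:
    """Return which component the downloader would install on this host.

    Order matters: the wallet-directory check comes first, so a wallet
    owner with a powerful CPU still gets the cryptor, and a host that
    fails both checks is not left alone but used for spreading.
    """
    if host.has_bitcoin_appdata_dir:
        return CRYPTOR
    if host.logical_cpus >= MINER_MIN_LOGICAL_CPUS:
        return MINER
    return WORM_ONLY


def profile_this_host() -> HostProfile:
    """Collect the same two signals from the machine running this script.

    On non-Windows hosts APPDATA is normally unset, so the directory
    check simply evaluates to False and only the CPU count is used.
    """
    appdata = os.environ.get("APPDATA", "")
    wallet_dir = os.path.join(appdata, "Bitcoin") if appdata else ""
    return HostProfile(
        has_bitcoin_appdata_dir=bool(wallet_dir) and os.path.isdir(wallet_dir),
        logical_cpus=os.cpu_count() or 1,
    )


def triage(hosts: dict) -> dict:
    """Map a fleet of host profiles to the payload each would receive."""
    return {name: predict_payload(h) for name, h in hosts.items()}


# Constructed sample fleet for the demonstration, not real telemetry.
SAMPLE_FLEET = {
    "finance-pc":  HostProfile(has_bitcoin_appdata_dir=True,  logical_cpus=2),
    "render-node": HostProfile(has_bitcoin_appdata_dir=False, logical_cpus=16),
    "reception":   HostProfile(has_bitcoin_appdata_dir=False, logical_cpus=2),
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_FLEET).items():
        print(f"{name:12s} -> {verdict}")
    print("this host    ->", predict_payload(profile_this_host()))
```

Running the script on a real machine prints which branch that machine would have fallen into; on the constructed fleet the wallet owner gets the cryptor even though its CPU is weak, the many-core host gets the miner, and the low-end host with no wallet is used purely for spreading.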

"(an encryption program), by the unauthorized use of resources (the mining program), or by widening the malware distribution chain with the network worm," says Orkhan Mamedov, malware analyst at Kaspersky Lab.

Kaspersky Lab's products detect this malware with the following verdicts:

Downloader: Trojan-Downloader.Win32.Rakhni.pwc

Miner: not-a-virus:RiskTool.Win32.BitCoinMiner.iauu

Cryptor: Trojan-Ransom.Win32.Rakhni.wbrf
