
An executable file disguised as a .jpg leads not only to ransomware but also to its builder, which can be used to create variants.

A malicious spam campaign that tells victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants.

The email-based threat, discovered recently by researchers at Trustwave, is unique in a few ways, researchers revealed in a blog post on Tuesday. For instance, the attached file purports to be in .jpg format, even though it opens an .exe file. Another unique aspect is that the emails contain a two-sentence subject, “Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!”, but just one sentence in the email body, researchers said. Typically, malicious emails include a longer, socially engineered message intended to lure victims into clicking malicious files.

But perhaps the most crucial element of the analysis is that the Cyborg ransomware creators also left a trail from the executable that led researchers to discover the malware builder hosted on the GitHub developer platform. “The 7Zip file ‘Cyborg Builder Ransomware V 1.0.7z’ from Cyborg-Builder-Ransomware repository was uploaded two days before the Github account misterbtc2020 hosted the Cyborg ransomware executable,” according to the post. “It contains the ransomware builder ‘Cyborg Builder Ransomware V 1.0.exe.’”

This adds a new dimension to the attack, Karl Sigler, threat intelligence manager for Trustwave SpiderLabs, told Threatpost in an email interview. “Ransomware has been widely used to attack different organizations and governments and having it and its builder hosted on a software development platform Github is significant,” he told us. “Anyone can grab a hold of it and create their own Cyborg ransomware executable.”

For more, turn your browser to OUR FORUM.
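A mail gateway or triage script can catch the mismatch described above, where an attachment is named .jpg but its content is a Windows executable. The following Python sketch is an added example, not code from Trustwave or from this page. The attachment names (`update.jpg`, `photo.jpg`), the verdict strings and the stub bytes are constructed for illustration.

```python
import os
import struct
from email.message import EmailMessage

IMAGE_EXTS = {".jpg", ".jpeg"}  # the extension the lure claims to be

def is_pe(data: bytes) -> bool:
    # A PE file starts with a DOS "MZ" header; the dword at 0x3C (e_lfanew)
    # holds the offset of the "PE\0\0" signature.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def check_attachment(filename: str, data: bytes) -> str:
    ext = os.path.splitext(filename.lower())[1]
    if ext not in IMAGE_EXTS:
        return "not-checked"
    if is_pe(data):
        return "pe-disguised-as-jpeg"
    if data[:3] != b"\xff\xd8\xff":  # JPEG start-of-image marker
        return "content-mismatch"
    return "ok"

def scan_message(msg: EmailMessage) -> dict:
    # Map each attachment filename to a verdict based on its decoded bytes.
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        results[name] = check_attachment(name, part.get_payload(decode=True) or b"")
    return results

def build_sample() -> EmailMessage:
    # Constructed sample: a minimal MZ/PE header stub (not a working program)
    # and a minimal JPEG prefix, both declared as image/jpeg attachments.
    pe_stub = bytearray(0x44)
    pe_stub[:2] = b"MZ"
    struct.pack_into("<I", pe_stub, 0x3C, 0x40)
    pe_stub[0x40:0x44] = b"PE\x00\x00"
    msg = EmailMessage()
    msg["Subject"] = "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!"
    msg.set_content("constructed body")
    msg.add_attachment(bytes(pe_stub), maintype="image", subtype="jpeg", filename="update.jpg")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + bytes(16), maintype="image", subtype="jpeg", filename="photo.jpg")
    return msg

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The check inspects decoded content only, so the declared MIME type and the filename extension do not influence the verdict.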

 
