October 12, 2016 New Strongpity Malware Being Used Through Winrar Tool


Security firm Kaspersky Lab has discovered a new piece of malware, called StrongPity, that targets web users looking for two specific tools: WinRAR and TrueCrypt. WinRAR is one of the most widely used file compression programs; TrueCrypt is a discontinued open-source on-the-fly disk encryption tool.


StrongPity is packaged to look like an installer for either tool. Once the installation finishes, the attackers have full control of the machine it was installed on.

Kaspersky observed the attack mainly in Italy and Belgium, with further infections in Turkey, North Africa and the Middle East. In the WinRAR campaign the trojanized installer was hosted on look-alike domains whose names transpose two letters of the genuine vendor's domain name, so that the site resembles the real installer download. A download link on a legitimate WinRAR distributor site was then pointed at the file on that look-alike domain, so users who clicked the distributor's own link received the malware.
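As an added illustration of the look-alike domain trick described above (example code written for this page, not from the article or from Kaspersky's report): the Python below flags download hostnames whose registrable label is a single adjacent-letter transposition of a known vendor name. The vendor label list and the sample hostnames are constructed for the example and use the reserved .example TLD; the real domains involved in the campaign are not shown here.

```python
"""Detect look-alike hostnames built by transposing two adjacent letters.

Added example (not from the original article or from Kaspersky): checks
observed download hostnames against a list of legitimate vendor labels.
The vendor labels and sample hostnames below are constructed for illustration.
"""
from typing import Dict, Iterable, Optional, Set

# Constructed list of legitimate registrable labels (second-level names)
# for the two tools the article mentions. Assumption: only these labels
# are treated as legitimate.
LEGITIMATE_LABELS = {"winrar", "rarlab", "truecrypt"}


def adjacent_transpositions(label: str) -> Set[str]:
    """Return every string obtained by swapping one pair of adjacent characters.

    Only swaps that actually change the string are returned, so 'aa' yields nothing.
    """
    variants = set()
    for i in range(len(label) - 1):
        if label[i] != label[i + 1]:
            swapped = label[:i] + label[i + 1] + label[i] + label[i + 2:]
            variants.add(swapped)
    return variants


def registrable_label(hostname: str) -> str:
    """Crude extraction of the second-level label: 'dl.wnirar.example' -> 'wnirar'.

    Assumption: two-label public suffixes (e.g. co.uk) are not handled here.
    """
    parts = hostname.lower().strip(".").split(".")
    if len(parts) < 2:
        return parts[0]
    return parts[-2]


def transposition_squat_of(hostname: str,
                           legitimate: Iterable[str] = LEGITIMATE_LABELS) -> Optional[str]:
    """Return the legitimate label this hostname imitates by one adjacent swap, or None.

    An exact match with a legitimate label is not a squat and returns None.
    """
    label = registrable_label(hostname)
    if label in legitimate:
        return None
    for real in legitimate:
        if label in adjacent_transpositions(real):
            return real
    return None


def flag_download_hosts(hostnames: Iterable[str]) -> Dict[str, str]:
    """Map each suspicious hostname to the legitimate label it imitates."""
    findings = {}
    for host in hostnames:
        hit = transposition_squat_of(host)
        if hit is not None:
            findings[host] = hit
    return findings


# Constructed sample of hostnames as they might appear in proxy logs or in
# download links scraped from a distributor page.
SAMPLE_HOSTS = [
    "www.winrar.example",     # legitimate label, not flagged
    "dl.wnirar.example",      # 'in' -> 'ni' swap of winrar
    "rarlba.example",         # 'ab' -> 'ba' swap of rarlab
    "turecrypt.example",      # 'ru' -> 'ur' swap of truecrypt
    "winrarr.example",        # extra letter, not a transposition, not flagged
]

if __name__ == "__main__":
    for host, real in flag_download_hosts(SAMPLE_HOSTS).items():
        print(f"{host} looks like a transposition of {real}")
```

In practice the legitimate label list would come from an allowlist of vendor sites, and the hostnames from proxy or DNS logs or from the download links scraped off the distributor page. Checking where the download link itself points, not only which page the user is on, is the point: the page can be a legitimate distributor while the link hands the user a file from somewhere else.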

According to the report detailing the attack, within a single week the malware was delivered from distributor sites in Italy to visitors across Europe, North Africa and the Middle East. Over the summer, the most affected countries were Italy, Belgium and Algeria, accounting for 87 percent, 5 percent and 4 percent of infections respectively.

Kaspersky first observed this method on May 28th in Belgium. Before that, the firm had seen another WinRAR distributor in Italy handing out a trojanized installer directly rather than redirecting users to an infector site.

The company also confirmed that the trojanized TrueCrypt installer was still active at the end of September. One malicious TrueCrypt website has been serving the infected installer since May, and about 95 percent of the victims of that campaign were in Turkey alone.

Kurt Baumgartner, principal security researcher at Kaspersky Lab, presented the company's findings on the malware at the Virus Bulletin 2016 conference. In the report he noted that the approach resembles the Yeti/Energetic Bear campaign, which also trojanized legitimate IT software installers and compromised genuine distribution sites.

Besides stealing data from the hard drive, StrongPity can download additional modules that capture the infected PC's communications and contacts. Kaspersky Lab's software detects and removes the malware.
