Fake WiseCleaner website spreading CoronaVirus ransomware


Meet CoronaVirus, not the virus… but the ransomware.


Another day, another Coronavirus-related ransomware. This time, researchers have discovered new ransomware ironically named CoronaVirus.


This ransomware is being distributed via an infected website that pretends to advertise WiseCleaner, a legitimate Windows system optimization and utility program, but actually infects the device with CoronaVirus ransomware and the information-stealing Khalesi or Kpot trojan.



Fake Wisecleaner website – Image via Bleeping Computer



Clearly, with this new campaign, attackers are trying to monetize the worldwide unrest caused by the COVID-19 outbreak.

Further probing by Malware Hunter Team revealed that this ransomware is a wiper and is distributed via a file titled WSHSetup.exe, which is the main downloader for both CoronaVirus and Kpot. Upon execution, the file downloads additional files from a remote website, one of which is the Kpot Trojan embedded in a file titled file1.exe.




Kpot can exfiltrate a variety of sensitive data from the device, including web browser data, email, instant messengers, VPN, cryptocurrency, RDP, FTP, gaming software, and account information. It can also take screenshots of the desktop and target crypto wallets stored on the device.


According to Ble ..
