Varenyky: Spambot à la Française

ESET researchers document malware-distributing spam campaigns targeting people in France


In May 2019, ESET researchers observed a spike in ESET telemetry data regarding malware targeting France. After further investigation, we identified malware that distributes various types of spam. One of them leads to a survey that redirects to a dodgy smartphone promotion, while the other is a sextortion campaign. The spam targets the users of Orange S.A., a French ISP. We notified them before the release of this publication.


We believe the spambot is under heavy development, and it has changed a lot since the first time we saw it. AnyRun mentioned this threat on Twitter; however, to the best of our knowledge no one has published a detailed analysis of it. We named this new malware Varenyky, and on July 22nd, ESET researchers saw it launch its first sextortion scam campaign.


This spambot is interesting because it can steal passwords and spy on its victims' screen using FFmpeg while they watch pornographic content online; it communicates with its C&C server through Tor, while the spam itself is sent as regular internet traffic. This article describes the functionality of the malware.
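The combination described above (C&C traffic over Tor, spam sent as ordinary outbound mail traffic) is something a network defender can look for directly. The following script is an added example written for this article, not code from ESET or from the Varenyky sample: it scans constructed outbound flow records and flags hosts that talk to an unusually large number of distinct SMTP peers while also contacting Tor-relay-style ports. The flow tuples, host names and IP addresses are made up, and the port-based Tor heuristic (9001/9030) is an assumption; in practice you would match destinations against a published Tor relay list instead.

```python
from collections import defaultdict

# Constructed sample flow records: (source_host, dst_ip, dst_port).
# These are illustrative values only, not telemetry from the campaign.
SAMPLE_FLOWS = (
    # ws-07 delivers mail directly to 30 different MX hosts (spambot-like)
    [("ws-07", f"203.0.113.{i}", 25) for i in range(1, 31)]
    # ...and also reaches hosts on common Tor relay ports (assumption: OR/Dir ports)
    + [("ws-07", "198.51.100.9", 9001), ("ws-07", "198.51.100.10", 9030)]
    # ws-12 sends lots of mail, but only through one relay: a normal mail client
    + [("ws-12", "203.0.113.200", 25)] * 50
    + [("ws-12", "198.51.100.9", 443)]
    # ws-19 submits mail to two servers and never touches Tor ports
    + [("ws-19", "203.0.113.201", 25), ("ws-19", "203.0.113.202", 587)]
)

# Assumed heuristics: a real deployment should use a Tor relay list rather than ports.
TOR_RELAY_PORTS = {9001, 9030}
SMTP_PORTS = {25, 465, 587}


def summarize_hosts(flows):
    """Count distinct SMTP destinations and Tor-port connections per source host."""
    smtp_destinations = defaultdict(set)
    tor_connections = defaultdict(int)
    for host, dst_ip, dst_port in flows:
        if dst_port in SMTP_PORTS:
            smtp_destinations[host].add(dst_ip)
        if dst_port in TOR_RELAY_PORTS:
            tor_connections[host] += 1
    hosts = set(smtp_destinations) | set(tor_connections)
    return {
        host: {
            "smtp_destinations": len(smtp_destinations[host]),
            "tor_connections": tor_connections[host],
        }
        for host in hosts
    }


def find_spambot_candidates(flows, min_smtp_destinations=20):
    """Return hosts that fan out to many SMTP peers AND contact Tor-style ports.

    A legitimate client hands all its mail to one or two relays, so a host that
    opens SMTP sessions to dozens of distinct servers is already suspicious;
    the additional Tor traffic is the second signal the article describes.
    """
    summary = summarize_hosts(flows)
    return sorted(
        host
        for host, stats in summary.items()
        if stats["smtp_destinations"] >= min_smtp_destinations
        and stats["tor_connections"] > 0
    )


if __name__ == "__main__":
    for host, stats in sorted(summarize_hosts(SAMPLE_FLOWS).items()):
        print(f"{host}: {stats}")
    print("candidates:", find_spambot_candidates(SAMPLE_FLOWS))
```

The threshold of 20 distinct SMTP peers is deliberately coarse; tune it to what your own mail servers and relays normally produce, and exclude the addresses of your legitimate MX hosts so that a genuine mail gateway does not trip the rule.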

Distribution


Varenyky was seen for the first time early in May 2019. At this time, we unfortunately cannot tell how it was distributed, but the more recent email phishing distribution and context suggest that the operator has been using this technique since the beginning.


One month later, in June 2019, we saw the first malicious document that initiates the infection of the victim’s computer, attached to an ..
