Proofpoint (cyber security company) researchers have discovered a new type of malware with interesting and severe functionality.
In addition to encrypting files on the infected computer, CryptXXX can also steal bitcoins, passwords, and other important information. To recover data access, malware operators demand a ransom of $1.2 Bitcoin (approximately $515).
New Bleeder CryptXXX Able To Steal Bitcoins And Personal Data
Attackers use a set of exploits, Angler, to spread the malware CryptXXX, particularly malware Bedep, capable of downloading other Trojans on the infected system and initiating fraudulent clicks.
In addition to encrypting the content, CryptXXX collects the data about applications installed on your computer for instant messaging, e-mail clients, FTP managers, and browsers. The malware can also steal bitcoins and credentials from the computer or system of the victim.
According to the experts of Proofpoint, some signs indicate that the authorship belongs to CryptXXX creators exploiting whale Angler, malware, and Bedep Reveton.
CryptXXX is not only the new extortionist discovered recently. For example, the researchers of the software company CheckPoint (an international provider of software and combined hardware and software products for IT security, including network security, endpoint security, data security, and security management) informed when a new version of the Trojan Kovter, able to encrypt files on the targeted device.
According to the experts, the Trojan obfustsiruet is only the first part of the files. The malware encrypts quickly, and the most interesting target for the malware is the documents. Since the encryption key is stored locally on the device, access to the files is easy to recover.
Fabian Wosar, the cyber security company Emsisoft researcher, discovered a new software extortionate AutoLocky, imitating known malware Locky.
The program is written in AutoIt and is not as complicated as the original Locky. In particular, AutoLocky does not use C & C-infrastructure for the key exchange in the memory to encrypt files, and currently, this malware distribution method is unknown.
Once AutoLocky accesses the system, it studies the data stored on the disk and encrypts them using the AES-128 algorithm.
The malware adds an extension “.locky” files on the system, but unlike the present, Locky does not change their names. But Fabian Wosar, a cyber security company Emsisoft researcher, has developed a tool that allows you to recover all your content infected by the malware AutoLocky.