Ransomware disguised as Windows Activator is emerging in the wild [source: 360totalsecurity]
Windows Activator has been a popular tool for attackers to spread Trojan viruses. Recently, 360 Security Center found a new kind of ransomware that spreads by disguising itself as a Windows Activator. Through detailed analysis, we found that this ransomware has a hidden configuration function, which can be used to view and modify the key and the prompt information used for encryption; the key needed for decryption can also be obtained through this interface.
Virus Transmission
Trojans are bundled in the Windows Activator and spread through some foreign network disks. The ransomware first appeared on August 7th and has been spreading since then. Although the Trojan itself has been intercepted by security software, it is still being used by
Analysis
We selected one of the Trojan samples for analysis.
After the virus starts, it launches itself again with parameters to implement different functions.