Users who go looking for encryption software tend to be security-conscious, and social-engineering tricks rarely work on them. That same caution, however, is exactly what makes them a worthwhile target for cybercriminals: what they protect is valuable, and an attacker who does get in lands on a machine full of secrets.
Recent Kaspersky Lab research describes a group that went after roughly 1,000 users of encryption software in Europe, North Africa and the Middle East. The attacks were carried out with the StrongPity malware, which Kaspersky says works much like the Crouching Yeti malware discovered back in 2014.
The attackers behind the Crouching Yeti advanced persistent threat trojanized legitimate software installers, including VPN clients and camera software, so that the tampered packages gave them a foothold on victims' networks. StrongPity used much the same technique but with a different set of software: rather than copying Crouching Yeti's target list, it went after the users of particular encryption installers.
The attacks relied on some clever misdirection. The attackers set up a website that mimicked the genuine WinRAR site, complete with a full set of download links, every one of which pointed somewhere it should not.
Those links redirected users to attacker-controlled sites such as ralrab.com, a look-alike of the genuine rarlab.com with two adjacent letters swapped, which is easy to miss when glancing at a URL. The group compromised the Italian site, which is why 87 percent of the victims were located in Italy; users in Belgium and Algeria were also affected.
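A transposed domain like ralrab.com is hard to spot by eye but easy to catch mechanically. The following is an added example, not code from the article or from Kaspersky's report: a small Python checker that reduces each hostname in a proxy log to its registered domain, compares it against a list of trusted download sites using optimal-string-alignment distance (which counts an adjacent transposition as one edit), and also flags hosts that merely embed a trusted name as a subdomain or reuse its second-level label under another TLD. The trusted-domain list (rarlab.com from the article, plus truecrypt.org, which is an assumption) and the log lines are constructed for illustration.

```python
"""Flag look-alike download domains such as ralrab.com vs rarlab.com.

Added example, not from the article or Kaspersky's report. The trusted
list and the proxy log below are constructed; only rarlab.com comes
from the article (truecrypt.org is assumed).
"""
import re
from urllib.parse import urlsplit

# Assumed list of genuine download sites to protect.
TRUSTED_DOMAINS = ("rarlab.com", "truecrypt.org")

# Constructed proxy log: timestamp, client IP, method, URL.
SAMPLE_PROXY_LOG = """\
2016-10-03T09:14:02Z 10.1.4.22 GET http://www.rarlab.com/download.htm
2016-10-03T09:14:09Z 10.1.4.22 GET http://ralrab.com/rar/winrar-x64.exe
2016-10-03T09:20:41Z 10.1.7.8 GET https://rarlab.com.cdn-files.net/winrar.exe
2016-10-03T09:31:17Z 10.1.9.3 GET https://truecrypt.org/downloads
2016-10-03T09:32:55Z 10.1.9.3 GET http://truecrpyt.org/setup.exe
2016-10-03T09:40:12Z 10.1.2.14 GET http://example.com/index.html
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,        # deletion
                          d[i][j - 1] + 1,        # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def registered_domain(host):
    """Naive eTLD+1 (last two labels). A real deployment should use the
    Public Suffix List so that 'foo.co.uk' is not reduced to 'co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _contains_labels(host_labels, trusted_labels):
    n = len(trusted_labels)
    return any(host_labels[i:i + n] == trusted_labels
               for i in range(len(host_labels) - n + 1))


def classify_host(host, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return (verdict, trusted_domain_or_None) for one hostname.

    verdict is 'trusted', 'embedded' (trusted name used as a subdomain of
    something else), 'lookalike' (within max_distance edits, or same
    second-level label under another TLD) or 'unknown'."""
    host = host.lower().rstrip(".")
    reg = registered_domain(host)
    for t in trusted:
        if reg == t:
            return ("trusted", t)
    host_labels = host.split(".")
    for t in trusted:
        if _contains_labels(host_labels, t.split(".")):
            return ("embedded", t)
    for t in trusted:
        same_sld = reg.split(".")[0] == t.split(".")[0]
        if same_sld or osa_distance(reg, t) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)


def scan_proxy_log(text):
    """Classify every URL in the log; returns a list of
    (timestamp, client, host, verdict, trusted_reference) tuples."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the scan
        ts, client, _method, url = m.groups()
        host = urlsplit(url).hostname or ""
        verdict, ref = classify_host(host)
        findings.append((ts, client, host, verdict, ref))
    return findings


if __name__ == "__main__":
    for ts, client, host, verdict, ref in scan_proxy_log(SAMPLE_PROXY_LOG):
        if verdict != "trusted":
            print(f"{ts} {client} {host:32} {verdict:9} {ref or ''}")
```

Run against the sample log, this reports ralrab.com and truecrpyt.org as look-alikes of rarlab.com and truecrypt.org, and rarlab.com.cdn-files.net as a trusted name embedded in an unrelated domain. Two caveats worth keeping in mind: the registered-domain split should come from the Public Suffix List in production, and internationalised domain names need to be converted to punycode (or checked for mixed scripts) before comparison, since a Cyrillic letter that looks identical to a Latin one is a different character and will not be within one edit of anything.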
The fake site went a step further and generated a recommended download for each individual visitor, chosen according to the browser's locale and the machine's processor type. That package, of course, contained a tainted WinRAR installer.
StrongPity did not stop there: the group also created a fake TrueCrypt website. Users who reached TrueCrypt through the download portal Tamindir were led to this bogus site, where the download links were hostile. Kurt Baumgartner, principal security researcher at Kaspersky Lab, said that the StrongPity droppers carried unusual digital certificates. In other words, the malware is built to take over the device and spy on its user.