“Social engineering through online video games has been going on for some time. “Combining game malware with ransomware was inevitable,” Chris Morales, head of security analytics at Vectra, told Threatpost.

“The next step is it will set a timed procedure to try and delete the encrypted files in the directories listed below, deleting the files every two hours in the following order: %userprofile%\Pictures %userprofile%\Desktop and %userprofile%\Documents,” the researchers wrote.

At the same time, it starts using LimeUSB_Csharp.exe to infect USB drives if they exist. It also monitors for Taskmgr, Procmon64 and ProcessHacker, which could interrupt its processes. Once the payload is executed, it connects to a command-and-control (C2) server and disables Windows Defender and UAC through a registry tweak.
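The behaviours described above can be turned into simple detections. The following is an added example, not code from the article or the researchers: it scans constructed Sysmon-style events (process create, registry value set, file delete) for the USB spreader's file name, Defender/UAC being switched off, and repeated deletes in the three user folders. The registry values, the event layout and the delete threshold are assumptions, since the article does not specify them.

```python
import re
from collections import Counter

# Standard Windows values for turning off Defender and UAC. Assumption: the
# article does not name the values this malware writes.
REG_RULES = [
    (r"\\windows defender\\disableantispyware$", "0x00000001", "defender_disabled"),
    (r"\\policies\\system\\enablelua$", "0x00000000", "uac_disabled"),
]
USB_SPREADER = "\\limeusb_csharp.exe"  # file name given in the article
USER_DIRS = re.compile(r"\\users\\[^\\]+\\(pictures|desktop|documents)\\", re.I)
DELETE_THRESHOLD = 3  # assumed tuning value, not from the article

def detect(events):
    """Return sorted (host, finding) pairs from Sysmon-style event dicts."""
    findings, deletes = set(), Counter()
    for ev in events:
        host, eid = ev["Computer"], ev["EventID"]
        if eid == 1 and ev["Image"].lower().endswith(USB_SPREADER):
            findings.add((host, "usb_spreader_executed"))
        elif eid == 13:  # registry value set
            target, details = ev["TargetObject"].lower(), ev["Details"].lower()
            for pattern, bad_value, label in REG_RULES:
                if re.search(pattern, target) and bad_value in details:
                    findings.add((host, label))
        elif eid == 23 and USER_DIRS.search(ev["TargetFilename"]):  # file delete
            deletes[(host, ev["Image"].lower())] += 1
    for (host, _image), count in deletes.items():
        if count >= DELETE_THRESHOLD:
            findings.add((host, "bulk_delete_in_user_dirs"))
    return sorted(findings)

# Constructed sample events (not from a real incident).
_MAL = r"C:\Users\bob\AppData\Local\Temp\sample.exe"  # placeholder path
_LUA = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"
_DEF = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"
SAMPLE_EVENTS = [
    {"Computer": "PC1", "EventID": 1, "Image": r"C:\Users\bob\AppData\Local\Temp\LimeUSB_Csharp.exe"},
    {"Computer": "PC1", "EventID": 13, "TargetObject": _LUA, "Details": "DWORD (0x00000000)"},
    {"Computer": "PC1", "EventID": 13, "TargetObject": _DEF, "Details": "DWORD (0x00000001)"},
    *[{"Computer": "PC1", "EventID": 23, "Image": _MAL,
       "TargetFilename": rf"C:\Users\bob\Pictures\img{i}.jpg"} for i in range(3)],
    # Benign host: UAC left enabled, one ordinary delete.
    {"Computer": "PC2", "EventID": 13, "TargetObject": _LUA, "Details": "DWORD (0x00000001)"},
    {"Computer": "PC2", "EventID": 23, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\amy\Documents\old.txt"},
]

if __name__ == "__main__":
    for host, finding in detect(SAMPLE_EVENTS):
        print(host, finding)
```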