Tweet
Security researchers have discovered a new malware scam capable of locking Window users out of their PCs - the first of its kind to play on fears surrounding the ongoing pandemic.
Referred to as MBRLockers, this group of malware substitutes the Windows Master Boot Record (MBR), preventing the operating system from starting up as usual.
Victims are typically presented with a ransom note demanding an unlock key is purchased via the dark web, or simply a derisive message from the hacker.
[ul]
[li]Malicious Android apps use coronavirus to hack user devices[/li][li]Coronavirus hospital suspends activity over cyberattack[/li][li]Coronavirus malware infects thousands of devices worldwide[/li][/ul]
According to MalwareHunterTeam, the group responsible for the discovery, the new malware is being diffused as executable file COVID-19.exe.
Windows malware
The new coronavirus-themed malware reportedly executes a batch file that shifts various data, configures certain programs to open on boot and then forces Windows to restart.
Once the PC has restarted for the first time, the user is met with an image of the coronavirus and a jeering message: “coronavirus has infected your PC!”. On every subsequent restart, a plain-text message reads “Your Computer Has Been Trashed (sic)”.
An investigation by cybersecurity firms Avast and SonicWall found the malware also executes a program that backs up the original MBR to a separate location and replaces it with a custom version, responsible for the threatening messages at restart.
The Avast investigation also uncovered a bypass included in the custom MBR that allows affected users to revert to the original and boot Windows as normal. This can be performed by pressing the CTRL, ALT and ESC keys simultaneously.
Opportunist cybercriminals of all varieties are capitalising on panic surrounding the coronavirus. Recent weeks have seen ransomware and DDoS attacks on healthcare institutions, including the World Health Organisation, and a multitude of virus-themed phishing scams enter circulation.
Users are advised to exercise particular caution when downloading files, ensure devices are protected with effective security software and use VPN services to preserve online privacy.
[ul]
[li]Here’s our list of the best antivirus services of 2020[/li][/ul]
Via Bleeping Computer
Continue reading…
Referred to as MBRLockers, this group of malware substitutes the Windows Master Boot Record (MBR), preventing the operating system from starting up as usual.
Victims are typically presented with a ransom note demanding an unlock key is purchased via the dark web, or simply a derisive message from the hacker.
[ul]
[li]Malicious Android apps use coronavirus to hack user devices[/li][li]Coronavirus hospital suspends activity over cyberattack[/li][li]Coronavirus malware infects thousands of devices worldwide[/li][/ul]
According to MalwareHunterTeam, the group responsible for the discovery, the new malware is being diffused as executable file COVID-19.exe.
Windows malware
The new coronavirus-themed malware reportedly executes a batch file that shifts various data, configures certain programs to open on boot and then forces Windows to restart.
Once the PC has restarted for the first time, the user is met with an image of the coronavirus and a jeering message: “coronavirus has infected your PC!”. On every subsequent restart, a plain-text message reads “Your Computer Has Been Trashed (sic)”.
An investigation by cybersecurity firms Avast and SonicWall found the malware also executes a program that backs up the original MBR to a separate location and replaces it with a custom version, responsible for the threatening messages at restart.
The Avast investigation also uncovered a bypass included in the custom MBR that allows affected users to revert to the original and boot Windows as normal. This can be performed by pressing the CTRL, ALT and ESC keys simultaneously.
Opportunist cybercriminals of all varieties are capitalising on panic surrounding the coronavirus. Recent weeks have seen ransomware and DDoS attacks on healthcare institutions, including the World Health Organisation, and a multitude of virus-themed phishing scams enter circulation.
Users are advised to exercise particular caution when downloading files, ensure devices are protected with effective security software and use VPN services to preserve online privacy.
[ul]
[li]Here’s our list of the best antivirus services of 2020[/li][/ul]
Via Bleeping Computer
Continue reading…