
Crypto-Malware Steals Email Addresses and Passwords, Spreads Itself

August 27th, 2014, 15:37 GMT · By Ionut Ilascu


Word document that masks the encryption process

A new strain of crypto-malware is currently affecting Russian-speaking countries, with functions that allow it to steal email addresses and corresponding passwords, as well as to spread on its own to the victim’s email contacts.

Apart from these particularities of the malware, security researchers note that it is written as a batch file and uses multiple freely available tools to carry out its dirty work.

The attack vector is a Word document delivered via email, which claims to include a change in the terms of agreement of a service that needs to be reviewed before signing.

As soon as the victim opens the document, a downloader written in JavaScript funnels in a bunch of executables masked with the BTC extension. These are free, publicly available tools necessary for encrypting the data stored on the computer as well as for propagating the malware.



Microsoft® Windows Insider MVP - Windows Security
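The article notes that the downloaded tools are executables masked with the BTC extension. The following added example (not from the article or the researchers it cites) shows one way a defender could flag such files by checking content rather than name. The extension allow-list and the sample files are constructed assumptions.

```python
import os
import struct
import tempfile

# Extensions that are expected to hold PE images; anything else carrying a PE
# header is treated as masked. The set is an assumption for this example.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}

def is_pe(path):
    """Return True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False

def find_masked_executables(root):
    """Walk root and list PE files whose extension is not a normal PE extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            path = os.path.join(dirpath, name)
            if ext not in PE_EXTENSIONS and is_pe(path):
                hits.append(path)
    return sorted(hits)

def build_sample_dir():
    """Create constructed sample files: a minimal PE stub and non-PE decoys."""
    root = tempfile.mkdtemp()
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    samples = {"tool.btc": stub, "notes.btc": b"plain text", "app.exe": stub,
               "short.btc": b"MZ"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return root

if __name__ == "__main__":
    for hit in find_masked_executables(build_sample_dir()):
        print("PE content under non-executable extension:", hit)
```

Pointing `find_masked_executables` at user-writable locations such as the temp and download directories surfaces PE files under any unexpected extension, not only `.btc`.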