Monday, August 15, 2016

Pokemon Go: A not yet seen ransomware variant hits well known game app

Lately we have been mentioning the increased emergence of malicious versions of Pokemon Go app or known as PokeMalware. Moreover, we have been also mentioning the increased emergence of ransomware in 2016.

It was just a matter of time these two security hits will merge together.

Pokemon ransomware

Michael Gillespie, discovered a ransomware that impersonates a PokemonGo application for Windows and targets Arabic victims.

The new Pokemon Go ransomware, as every other ransomware, first scans victim’s files. Once the ransomware encrypts certain files it will show a ransom note that tells the infected user to contact me.blackhat20152015@mt2015.com to pay the ransom.

Advanced ransomware variant with not yet seen features

But it is not like other ransomware variants.

According to malware researcher, Lawrence from Bleeping Computer, this ransomware variant has features that were not found in any other ransomware variant and they include adding a backdoor Windows account which allows spreading the executable to other drives, creating network shares and by doing this the developer gains access to victim's computer whenever he/she wants.

Moreover, researchers believe that is not the final version of the ransomware since there are many present indications that show that it is still in development phase such as usage of static AES key of 123vivalalgerie and hard coded C2 server uses an IP address that is assigned only for private use.

Ransomware targets Arabic victims 

Ransom note in Arabic


1. Pokemon Go Ransomware note in Arabic (Source:Bleeping Computer)
Ransom note in English


                     2. Pokemon Go Ransomware note in English (Source:Bleeping Computer)

Stay safe and install Zemana Mobile Antivirus!





No comments:

Post a Comment