It was only a matter of time before these two security hits merged.
Michael Gillespie discovered a ransomware that impersonates a PokemonGo application for Windows and targets Arabic victims.
Like every other ransomware, the new Pokemon Go ransomware first scans the victim's files. Once it has encrypted certain files, it shows a ransom note telling the infected user to contact email@example.com to pay the ransom.
Advanced ransomware variant with previously unseen features
But it is not like other ransomware variants.
According to malware researcher Lawrence from Bleeping Computer, this variant has features that were not found in any other ransomware variant. They include adding a backdoor Windows account, which allows spreading the executable to other drives and creating network shares; by doing this, the developer gains access to the victim's computer whenever he or she wants.
Moreover, researchers believe this is not the final version of the ransomware, since many indications show that it is still in the development phase, such as the use of a static AES key of 123vivalalgerie and a hard-coded C2 server that uses an IP address assigned only for private use.
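The backdoor account and network share behaviour described above leaves traces a defender can correlate. The following is an added example, not code from Bleeping Computer or from the original post: it flags hosts where a network share is added shortly after a local account is created. It assumes Windows Security log events 4720 and 5142 are being collected (5142 requires file-share auditing); the hosts, names, times and the five-minute window are constructed for illustration.

```python
from datetime import datetime, timedelta

# Windows Security log event IDs: 4720 = a user account was created,
# 5142 = a network share object was added (requires file-share auditing).
ACCOUNT_CREATED, SHARE_ADDED = 4720, 5142

# Constructed sample events (hosts, names and times are made up).
SAMPLE_EVENTS = [
    {"host": "PC-01", "time": "2024-01-10T10:00:05", "event_id": 4720, "detail": "user example-user"},
    {"host": "PC-01", "time": "2024-01-10T10:00:41", "event_id": 5142, "detail": "share example-share"},
    {"host": "PC-01", "time": "2024-01-10T10:00:50", "event_id": 4624, "detail": "logon"},
    {"host": "SRV-02", "time": "2024-01-10T09:00:00", "event_id": 5142, "detail": "share backups"},
    {"host": "PC-03", "time": "2024-01-10T08:00:00", "event_id": 4720, "detail": "user new-hire"},
    {"host": "PC-03", "time": "2024-01-10T11:30:00", "event_id": 5142, "detail": "share team-docs"},
]


def correlate(events, window=timedelta(minutes=5)):
    """Flag hosts where a share is added within `window` of an account creation."""
    by_host = {}
    for ev in events:
        if ev["event_id"] in (ACCOUNT_CREATED, SHARE_ADDED):
            stamped = dict(ev, when=datetime.fromisoformat(ev["time"]))
            by_host.setdefault(ev["host"], []).append(stamped)

    findings = []
    for host in sorted(by_host):
        evs = sorted(by_host[host], key=lambda e: e["when"])
        shares = [e for e in evs if e["event_id"] == SHARE_ADDED]
        for acct in (e for e in evs if e["event_id"] == ACCOUNT_CREATED):
            # Shares added close in time to this account creation, either side.
            near = [s for s in shares if abs(s["when"] - acct["when"]) <= window]
            if near:
                findings.append({
                    "host": host,
                    "account": acct["detail"],
                    "shares": [s["detail"] for s in near],
                    "gap_seconds": int(abs(near[0]["when"] - acct["when"]).total_seconds()),
                })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```

Either event alone is routine administration; the pairing on a workstation inside a short window is what merits a closer look.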
Ransomware targets Arabic victims
1. Pokemon Go Ransomware note in Arabic (Source: Bleeping Computer)
2. Pokemon Go Ransomware note in English (Source: Bleeping Computer)
Stay safe and install Zemana Mobile Antivirus!