Login

Register

Login

Register

#cybersecurity | hacker | FTCODE ransomware acquires info-stealing powers

[ad_1]

The recently discovered ransomware FTCODE has evolved to include new information-stealing capabilities, and is now infecting victims via VBScript links in phishing emails.

Researchers from the Zscaler ThreatLabZ team, who say they first discovered the PowerShell-based malware, detailed the latest changes in a blog post late last week.

The new iteration, version 1117.1, contains code that steals credentials from Internet Explorer, Mozilla Firefox and Thunderbird, Google Chrome and Microsoft Outlook.

When a target clicks on a VBScript link within the phishing email, the FTCODE PowerShell script is loaded. “The script first downloads a decoy image into the %temp% folder and opens it trying to trick users into believing that they simply received an image, but in the background, it downloads and runs the ransomware,” explain Zscaler researchers and blog post authors Rajdeepsinh Dodia, Amandeep Kumar and Atinderpal Singh.

Prior to leveraging VBScript links, FTCODE’s distributors had been sending out spam emails with attached documents containing malicious macros that, when opened, infected the target.

The ransomware component works by searching drives with a minimum of 50kb of free space and a wide range of file types within them. It reportedly uses AES encryption to scramble the affected files, then instructs victims in a note to download the Tor browser, open a specific link and follow instructions to pay up.

[ad_2]

Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW