Searching for Best Encryption Tools? Hackers are Spreading Malware Through Fake Software

Over the past few years, Internet users globally have grown increasingly aware of online privacy and security issues due to mass monitoring and surveillance by government agencies, making them adopt encryption software and services.

But it turns out that hackers are taking advantage of this opportunity by creating and distributing fake versions of encryption tools in order to infect as many victims as possible.

Kaspersky Lab has revealed an advanced persistent threat (APT) group, nicknamed StrongPity, which has put a lot of effort into targeting users of software designed for encrypting data and communications.

The StrongPity APT group has been using watering-hole attacks, infected installers, and malware for many years to target users of encryption software by compromising legitimate sites or setting up their own malicious copycat sites.

Watering hole attacks are designed to lure specific groups of users to their interest-based sites that typically house malicious files or redirect them to attacker-controlled downloads.

The StrongPity APT group has managed to infect users in Europe, Northern Africa, and the Middle East and targeted two free encryption utilities in different attacks: WinRAR and TrueCrypt.

WinRAR and TrueCrypt have long been popular among security- and privacy-conscious users. WinRAR is best known for its archiving capabilities, which include encrypting files with AES-256 crypto, while TrueCrypt is a full-disk encryption utility that locks all files on a hard drive.

By setting up fake distribution sites that closely mimic legitimate download sites, StrongPity is able to trick users into downloading malicious versions of these encryption apps in hopes that users encrypt their data using a trojanized version of the WinRAR or TrueCrypt apps, allowing attackers to spy on the data before it is encrypted.

"The problem with people depending on tools like this isn't the strength of the crypto, but more about how it's distributed," says Kurt Baumgartner, principal security researcher at Kaspersky Lab. "This is that problem that StrongPity is taking advantage of."

Booby-Trapped WinRAR and TrueCrypt Downloads


The APT group previously set up TrueCrypt-themed watering holes in late 2015, but their malicious activity surged at the end of summer 2016.

Between July and September, dozens of visitors were redirected from tamindir[.]com to true-crypt[.]com, with unsurprisingly almost all of the focus on computer systems in Turkey, with some victims in the Netherlands.

However, in the WinRAR case, instead of redirecting victims to a website controlled by StrongPity, the group hijacked the legitimate winrar.it website to host a malicious version of the file themselves.

The winrar.it website infected users mostly in Italy, with some victims in countries like Belgium, Algeria, Tunisia, France, Morocco and Cote D'Ivoire, while the attacker-controlled site, winrar.be, infected users in Belgium, Algeria, Morocco, the Netherlands, and Canada.

Top Countries Infected with StrongPity APT Malware


According to Kaspersky, more than 1,000 systems were infected with StrongPity malware this year. The top five countries affected by the group are Italy, Turkey, Belgium, Algeria and France.

The StrongPity APT's dropper malware was signed with "unusual digital certificates," but the group didn't re-use its fake digital certificates. The downloaded components include a backdoor, keyloggers, data stealers and other crypto-related software programs, including the PuTTY SSH client, the FileZilla FTP client, the WinSCP secure file transfer program and remote desktop clients.

The dropper malware not only gives the hackers control of the system, but also allows them to steal disk contents and download other malware that would steal communication and contact information.

Therefore, users visiting sites and downloading encryption-enabled software are advised to verify both the validity of the distribution website as well as the integrity of the downloaded file itself.

Download sites that do not use PGP or any strong digital code signing certificate are required to re-examine the necessity of doing so for the benefit of themselves as well as their own customers, explained Baumgartner.
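
One way to carry out the file-integrity check advised above on Windows, as an added example that is not from the original article or from Kaspersky. Because the StrongPity droppers were themselves signed, it treats a valid Authenticode signature as insufficient and also pins the expected signer and a hash obtained from the vendor over a separate channel. The function name `Test-InstallerIntegrity` and all input values are assumptions.

```powershell
# Added example: check a downloaded installer before running it.
# Test-InstallerIntegrity is a hypothetical helper; every hash, thumbprint
# and path passed to it is a placeholder the reader must supply.
function Test-InstallerIntegrity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 published by the vendor, fetched over a separate channel
        # (not from the same page that served the download)
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        # Thumbprint of the vendor's known code-signing certificate
        [Parameter(Mandatory)] [string] $ExpectedSignerThumbprint
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $problems = @()

    # 1. The file must match the vendor's published hash.
    #    (-ne on strings is case-insensitive, so hex case does not matter.)
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {
        $problems += "SHA-256 mismatch (got $actual)"
    }

    # 2. The Authenticode signature must validate on this machine.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        $problems += "Authenticode status: $($sig.Status)"
    }

    # 3. A valid signature is not enough: a trojanized installer can be
    #    signed with some other certificate. Pin the expected signer.
    $signer   = $sig.SignerCertificate
    $expected = $ExpectedSignerThumbprint -replace '\s', ''
    if ($null -eq $signer) {
        $problems += 'No signer certificate present'
    } elseif ($signer.Thumbprint -ne $expected) {
        $problems += "Unexpected signer: $($signer.Subject) [$($signer.Thumbprint)]"
    }

    [pscustomobject]@{
        Path     = $Path
        Trusted  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Example call (placeholder values):
# Test-InstallerIntegrity -Path .\installer.exe `
#     -ExpectedSha256 '<SHA-256 from vendor>' `
#     -ExpectedSignerThumbprint '<vendor certificate thumbprint>'
```

The pinned thumbprint has to be refreshed when the vendor renews its signing certificate, so record where each pinned value came from.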