Clever CryptoWall Spreading Via New Attacks

Published: 22/11/2024   Category: security




Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.



The CryptoWall ransomware operators continue to innovate -- not only improving the payload itself, but also expanding its methods of proliferation.
For example, within two hours, a device hijacked for relatively innocent click fraud attacks can become a conduit for far more serious kit -- including CryptoWall.
As researchers at Damballa explain in their latest State of Infections Report, operators of the RuthlessTreeMafia click fraud malware campaign infect client machines via the Asprox botnet. As a second revenue stream, they sell other attackers access to those bots.
The threat actors running the Rerdom and Rovnix Trojans had first dibs -- but through a chain of events that took only two hours, some victims were eventually infected with CryptoWall as well.
"The intricacies of advanced infections mean that a seemingly low risk threat – in this case click fraud – can serve as the entry point for far more serious threats," said Damballa CTO Stephen Newman.
The ransomware also found its way into the Magnitude exploit kit. Over the weekend, French researcher Kafeine discovered that Magnitude had added exploits for the critical Flash zero-day vulnerability that Adobe released an emergency out-of-band patch for last week. (The vulnerability, CVE-2015-3113, was linked to Chinese advanced persistent threat group APT3, according to FireEye.) Kafeine also saw two samples that were installing CryptoWall against a Windows 7 machine running Internet Explorer 11.
These are just the latest in a variety of new infection vectors CryptoWall operators have begun using. CryptoWall added the ability to execute 64-bit code directly from a 32-bit dropper. It was found proliferating through spam with malicious .chm attachments. And it was dropping via the elusive HanJuan exploit kit as part of a malvertising campaign.

Last week, the FBI stated that between ransoms and recovery costs, CryptoWall had cost Americans over $18 million between April 2014 and June 2015. The Bureau called CryptoWall the most current and significant ransomware threat targeting U.S. individuals and businesses.
