Downloaders beware! Hackers just released StrongPity, a fake file-compression tool

New malware called StrongPity targets web surfers looking for the popular tools WinRAR and TrueCrypt, Security firm Kaspersky Lab revealed on Monday. The former is a file compression program, and the latter was once an open-source, on-the-fly encryption tool. StrongPity poses as installers for these two tools, and will provide attackers complete control of the victim’s system once installed.

According to Kaspersky Lab, the StrongPity attack is found mainly in Italy and Belgium, but the malware has also hit people in Turkey, North Africa, and the Middle East. On the WinRAR front, the malware is served up on fake websites that use two transposed letters in their domain names to resemble an authentic installer site. The file’s link on the fake domain is then provided to a legitimate WinRAR distributor site.

“Kaspersky Lab data reveals that in the course of a single week, malware delivered from the distributor site in Italy appeared on hundreds of systems throughout Europe and Northern Africa/Middle East, with many more infections likely,” the firm said. “Over the entire summer, Italy (87 percent), Belgium (5 percent) and Algeria (4 percent) were most affected. The victim geography from the infected site in Belgium was similar, with users in Belgium accounting for half (54 percent) of more than 60 successful hits.”

Kaspersky Lab first saw this method taking place in Belgium on May 28. Prior to that, the security firm witnessed an Italian WinRAR distribution site directly handing out the fake WinRAR installer instead of linking to an impostor site. The good news here is that all affected WinRAR distribution sites have removed the infected file and/or fraudulent mirror links. The bad news is that the StrongPity attack is still ongoing.

What’s surprising it that StrongPity is presently attacking its victims through TrueCrypt installers. Development of this tool ended in May 2014 once Microsoft pulled the plug on Windows XP’s life support. TrueCrypt was no longer needed because Microsoft baked support for encrypted disks and virtual disk images into Windows Vista and newer versions. Thus, the only service the TrueCrypt developer provides now concerns the steps involved in migrating from the TrueCrypt format to BitLocker.

The firm said on Monday that the infected TrueCrypt installer was still active at the end of September. Apparently there is only one fraudulent TrueCrypt website handing out the infected installer, which experienced increased activity in May, claiming 95 percent of its victims in Turkey.

Kurt Baumgartner, principal security researcher at Kaspersky Lab, made the initial announcement regarding StrongPity’s discovery in a paper presented during the Virus Bulletin 2016 conference. He said that StrongPity is similar to Crouching Yeti/Energetic Bear that trojanized legitimate IT software installers and compromised “genuine distribution sites.” This type of attack is an “unwelcome and dangerous” trend that needs to be addressed by the security industry, he added.

In addition to completely taking over a victim’s computer, hackers behind the StrongPity attack can also steal the contents of a hard drive, and download additional modules that will scoop up the infected PC’s communications and contacts. Naturally, Kaspersky Lab software will detect and remove the StrongPity malware.


Exclusive: The Surface Hub 2S will revolutionize work. Here’s how it was made

Exclusive interviews with the designers, futurists, and visionaries behind the Surface Hub 2 paint a dramatic picture of how Microsoft thinks collaboration will change your office.

Make some room in your backlog. Here are all the games to look out for in 2019

2019 is already a huge year for video games, with a large number of series getting new installments, including some that have been dormant for years. Brand new franchises are also being created.

Microsoft says hackers were able to view emails

Microsoft's email platform saw a massive breach that caused confidential data to be accessed by hackers for months. It now appears the problem might have been much worse than initially thought, and worse than Microsoft admitted.

Hackers broke into using worker’s credentials, Microsoft says

Microsoft's web-based email services were the target of a security beach. Using a customer support agent's credentials, hackers were possibly able to access email addresses and subject lines, but fortunately not their content.

Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

Evidence of an Internet Explorer zero-day exploit capable of letting hackers steal files from Windows PCs was published online by a security researcher who also claims Microsoft knew of the vulnerability and opted not to patch it.
Product Review

You won't buy Microsoft's Surface Hub 2S, but it could still change your life

The Microsoft Surface Hub 2S wants to change the way you collaborate at work. That’s a lofty goal most devices fail to achieve, but the unique Hub 2S could be an exception. And trust us – you’re going to want it.
Emerging Tech

How emotion-tracking A.I. will change computing as we know it

Affectiva is just one of the startups working to create emotion-tracking A.I. that can work out how you're feeling. Here's why this could change the face of computing as we know it.

Meet the mastermind behind Microsoft's massive new Surface Hub

Microsoft Chief Product Officer Panos Panay gives us an exclusive peek at the 85-inch Surface Hub 2, and explains how innovation and collaboration will transform your workplace.

Microsoft reveals details of Surface Hub 2S, coming in June at $9,000

The Surface Hub 2 could be the most expensive whiteboard ever made, but it should be a powerful and capable one. With the ability to connect several of the 50-inch displays together, the picture at least, should be gorgeous.

Report says 20% of all 2018 web traffic came from bad bots

Distil Networks published its annual Bad Bot Report this week and announced that 20% of all web traffic in 2018 came from bad bots. The report had other similarly surprising findings regarding the state of bots as well.

Learn to uninstall a Steam game and clear some space on your PC

Looking to learn how to uninstall Steam games? You've come to the right place. In this guide, we walk you through the process step by step, whether you want Steam to do it for you or handle the process manually.

Amazon strikes $100 off the price of Microsoft Surface Go tablets

If you've been eyeing Microsoft's Surface Go for its compact size and portability, now may be a great time to buy the tablet. Amazon has a $100 discount on the Surface Go, bringing the price of this slate down to just under $400.

Sweet 16: Wacom’s Cintiq 16 pen display makes retouching photos a breeze

Wacom’s Cintiq pen displays are usually reserved for the pros (or wealthy enthusiasts), but the new Cintiq 16 brings screen and stylus editing to an approachable price. Does it cut too much to get there?

Mueller report releases on CD, forces Congress to find PCs with disc drives

The Mueller report was released this week to Congress via CDs and congressional members had to find PCs with working disc drives to access the 400-page document. The redacted report was also released to the public on a website.