
Downloaders beware! Hackers just released StrongPity, a fake file-compression tool

New malware called StrongPity targets web surfers looking for the popular tools WinRAR and TrueCrypt, security firm Kaspersky Lab revealed on Monday. The former is a file compression program, and the latter was once an open-source, on-the-fly encryption tool. StrongPity poses as installers for these two tools and gives attackers complete control of the victim’s system once installed.

According to Kaspersky Lab, the StrongPity attack is found mainly in Italy and Belgium, but the malware has also hit people in Turkey, North Africa, and the Middle East. On the WinRAR front, the malware is served up on fake websites that use two transposed letters in their domain names to resemble an authentic installer site. The file’s link on the fake domain is then provided to a legitimate WinRAR distributor site.
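The lookalike pattern described above, two adjacent letters swapped in an otherwise authentic domain name, can be checked mechanically in proxy or DNS logs. The following Python sketch is an added example, not code from Kaspersky Lab or this article; the trusted list and every hostname in it are constructed placeholders.

```python
# Added example: flag hostnames that equal a trusted download domain with
# exactly one pair of adjacent characters swapped. All names are constructed.

TRUSTED = {"example-archiver.test", "example-crypt.test"}  # assumed allowlist

# Constructed sample of hostnames as they might appear in a proxy log.
OBSERVED = [
    "example-archiver.test",     # genuine
    "example-acrhiver.test",     # 'r' and 'c' swapped
    "www.example-crpyt.test",    # 'y' and 'p' swapped
    "example-archiver.tesx",     # substitution, not a transposition
    "unrelated.test",
]


def normalize(host: str) -> str:
    """Lowercase, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def is_adjacent_transposition(a: str, b: str) -> bool:
    """True if b is a with exactly one pair of adjacent characters swapped."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def classify(host: str, trusted=TRUSTED):
    """Return ('trusted', host), ('lookalike', imitated) or ('unknown', None)."""
    h = normalize(host)
    if h in trusted:
        return ("trusted", h)
    for good in sorted(trusted):
        if is_adjacent_transposition(good, h):
            return ("lookalike", good)
    return ("unknown", None)


def scan(hosts, trusted=TRUSTED):
    """Map each lookalike hostname to the trusted domain it imitates."""
    hits = {}
    for host in hosts:
        verdict, target = classify(host, trusted)
        if verdict == "lookalike":
            hits[host] = target
    return hits


if __name__ == "__main__":
    for host, target in scan(OBSERVED).items():
        print(f"{host} imitates {target}")
```

A check like this only covers the single-swap case; other lookalike styles (added or substituted characters, different TLDs) need their own rules.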

“Kaspersky Lab data reveals that in the course of a single week, malware delivered from the distributor site in Italy appeared on hundreds of systems throughout Europe and Northern Africa/Middle East, with many more infections likely,” the firm said. “Over the entire summer, Italy (87 percent), Belgium (5 percent) and Algeria (4 percent) were most affected. The victim geography from the infected site in Belgium was similar, with users in Belgium accounting for half (54 percent) of more than 60 successful hits.”

Kaspersky Lab first saw this method taking place in Belgium on May 28. Prior to that, the security firm witnessed an Italian WinRAR distribution site directly handing out the fake WinRAR installer instead of linking to an impostor site. The good news here is that all affected WinRAR distribution sites have removed the infected file and/or fraudulent mirror links. The bad news is that the StrongPity attack is still ongoing.

What’s surprising is that StrongPity is presently attacking its victims through TrueCrypt installers. Development of this tool ended in May 2014 once Microsoft pulled the plug on Windows XP’s life support. TrueCrypt was no longer needed because Microsoft baked support for encrypted disks and virtual disk images into Windows Vista and newer versions. Thus, the only service the TrueCrypt developer provides now concerns the steps involved in migrating from the TrueCrypt format to BitLocker.

The firm said on Monday that the infected TrueCrypt installer was still active at the end of September. Apparently there is only one fraudulent TrueCrypt website handing out the infected installer, which experienced increased activity in May, claiming 95 percent of its victims in Turkey.

Kurt Baumgartner, principal security researcher at Kaspersky Lab, made the initial announcement regarding StrongPity’s discovery in a paper presented during the Virus Bulletin 2016 conference. He said that StrongPity is similar to Crouching Yeti/Energetic Bear, which trojanized legitimate IT software installers and compromised “genuine distribution sites.” This type of attack is an “unwelcome and dangerous” trend that needs to be addressed by the security industry, he added.

In addition to completely taking over a victim’s computer, hackers behind the StrongPity attack can also steal the contents of a hard drive, and download additional modules that will scoop up the infected PC’s communications and contacts. Naturally, Kaspersky Lab software will detect and remove the StrongPity malware.

Kevin Parrish
Former Digital Trends Contributor