Downloaders beware! Hackers just released StrongPity, a fake file-compression tool

New malware called StrongPity targets web surfers looking for the popular tools WinRAR and TrueCrypt, security firm Kaspersky Lab revealed on Monday. The former is a file compression program, and the latter was once an open-source, on-the-fly encryption tool. StrongPity poses as installers for these two tools, and will give attackers complete control of the victim’s system once installed.

According to Kaspersky Lab, the StrongPity attack is found mainly in Italy and Belgium, but the malware has also hit people in Turkey, North Africa, and the Middle East. On the WinRAR front, the malware is served up on fake websites that use two transposed letters in their domain names to resemble an authentic installer site. The file’s link on the fake domain is then provided to a legitimate WinRAR distributor site.
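The transposed-letter domains described above can be caught on the defensive side by comparing download hosts in proxy logs against a list of trusted sites. The following Python sketch is an added example, not code from Kaspersky Lab or the article; the trusted host names, the log format and the log lines are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: a local allowlist of download hosts the organisation trusts.
# These names are constructed placeholders, not domains from the report.
TRUSTED_HOSTS = {"archiver-downloads.example", "diskcrypt-project.example"}


def is_adjacent_transposition(a: str, b: str) -> bool:
    """True when b equals a with exactly one pair of neighbouring characters swapped."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def lookalike_of(host: str):
    """Return the trusted host that `host` imitates by a letter swap, else None."""
    host = host.lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        return None
    for trusted in sorted(TRUSTED_HOSTS):
        if is_adjacent_transposition(trusted, host):
            return trusted
    return None


def flag_downloads(log_lines):
    """Scan 'timestamp client url' proxy lines; return (client, host, imitated) hits."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole scan
        host = urlsplit(parts[2]).hostname or ""
        imitated = lookalike_of(host)
        if imitated:
            hits.append((parts[1], host, imitated))
    return hits


# Constructed sample proxy log (not real traffic).
SAMPLE_LOG = [
    "2016-10-03T09:14:02Z 10.0.4.17 https://archiver-downloads.example/setup.exe",
    "2016-10-03T09:15:40Z 10.0.4.22 https://archiver-downlaods.example/setup.exe",
    "2016-10-03T09:16:05Z 10.0.4.31 https://diskcrypt-porject.example/installer.exe",
    "2016-10-03T09:17:11Z 10.0.4.31 https://news.example/article",
]
```

Calling `flag_downloads(SAMPLE_LOG)` returns the two clients that fetched installers from swapped-letter hosts, each paired with the trusted host being imitated.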

“Kaspersky Lab data reveals that in the course of a single week, malware delivered from the distributor site in Italy appeared on hundreds of systems throughout Europe and Northern Africa/Middle East, with many more infections likely,” the firm said. “Over the entire summer, Italy (87 percent), Belgium (5 percent) and Algeria (4 percent) were most affected. The victim geography from the infected site in Belgium was similar, with users in Belgium accounting for half (54 percent) of more than 60 successful hits.”

Kaspersky Lab first saw this method taking place in Belgium on May 28. Prior to that, the security firm witnessed an Italian WinRAR distribution site directly handing out the fake WinRAR installer instead of linking to an impostor site. The good news here is that all affected WinRAR distribution sites have removed the infected file and/or fraudulent mirror links. The bad news is that the StrongPity attack is still ongoing.

What’s surprising is that StrongPity is presently attacking its victims through TrueCrypt installers. Development of this tool ended in May 2014 once Microsoft pulled the plug on Windows XP’s life support. TrueCrypt was no longer needed because Microsoft baked support for encrypted disks and virtual disk images into Windows Vista and newer versions. Thus, the only service the TrueCrypt developer provides now concerns the steps involved in migrating from the TrueCrypt format to BitLocker.

The firm said on Monday that the infected TrueCrypt installer was still active at the end of September. Apparently there is only one fraudulent TrueCrypt website handing out the infected installer, which experienced increased activity in May, claiming 95 percent of its victims in Turkey.

Kurt Baumgartner, principal security researcher at Kaspersky Lab, made the initial announcement regarding StrongPity’s discovery in a paper presented during the Virus Bulletin 2016 conference. He said that StrongPity is similar to Crouching Yeti/Energetic Bear that trojanized legitimate IT software installers and compromised “genuine distribution sites.” This type of attack is an “unwelcome and dangerous” trend that needs to be addressed by the security industry, he added.

In addition to completely taking over a victim’s computer, hackers behind the StrongPity attack can also steal the contents of a hard drive, and download additional modules that will scoop up the infected PC’s communications and contacts. Naturally, Kaspersky Lab software will detect and remove the StrongPity malware.

Kevin Parrish
Former Digital Trends Contributor