Skip to main content
  1. Home
  2. Computing
  3. Mobile
  4. Web
  5. News

Downloaders beware! Hackers just released StrongPity, a fake file-compression tool

Add as a preferred source on Google

New malware called StrongPity targets web surfers looking for the popular tools WinRAR and TrueCrypt, Security firm Kaspersky Lab revealed on Monday. The former is a file compression program, and the latter was once an open-source, on-the-fly encryption tool. StrongPity poses as installers for these two tools, and will provide attackers complete control of the victim’s system once installed.

According to Kaspersky Lab, the StrongPity attack is found mainly in Italy and Belgium, but the malware has also hit people in Turkey, North Africa, and the Middle East. On the WinRAR front, the malware is served up on fake websites that use two transposed letters in their domain names to resemble an authentic installer site. The file’s link on the fake domain is then provided to a legitimate WinRAR distributor site.

Recommended Videos

“Kaspersky Lab data reveals that in the course of a single week, malware delivered from the distributor site in Italy appeared on hundreds of systems throughout Europe and Northern Africa/Middle East, with many more infections likely,” the firm said. “Over the entire summer, Italy (87 percent), Belgium (5 percent) and Algeria (4 percent) were most affected. The victim geography from the infected site in Belgium was similar, with users in Belgium accounting for half (54 percent) of more than 60 successful hits.”

Kaspersky Lab first saw this method taking place in Belgium on May 28. Prior to that, the security firm witnessed an Italian WinRAR distribution site directly handing out the fake WinRAR installer instead of linking to an impostor site. The good news here is that all affected WinRAR distribution sites have removed the infected file and/or fraudulent mirror links. The bad news is that the StrongPity attack is still ongoing.

What’s surprising it that StrongPity is presently attacking its victims through TrueCrypt installers. Development of this tool ended in May 2014 once Microsoft pulled the plug on Windows XP’s life support. TrueCrypt was no longer needed because Microsoft baked support for encrypted disks and virtual disk images into Windows Vista and newer versions. Thus, the only service the TrueCrypt developer provides now concerns the steps involved in migrating from the TrueCrypt format to BitLocker.

The firm said on Monday that the infected TrueCrypt installer was still active at the end of September. Apparently there is only one fraudulent TrueCrypt website handing out the infected installer, which experienced increased activity in May, claiming 95 percent of its victims in Turkey.

Kurt Baumgartner, principal security researcher at Kaspersky Lab, made the initial announcement regarding StrongPity’s discovery in a paper presented during the Virus Bulletin 2016 conference. He said that StrongPity is similar to Crouching Yeti/Energetic Bear that trojanized legitimate IT software installers and compromised “genuine distribution sites.” This type of attack is an “unwelcome and dangerous” trend that needs to be addressed by the security industry, he added.

In addition to completely taking over a victim’s computer, hackers behind the StrongPity attack can also steal the contents of a hard drive, and download additional modules that will scoop up the infected PC’s communications and contacts. Naturally, Kaspersky Lab software will detect and remove the StrongPity malware.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
macOS clipboard app Maccy has a fake out there stealing passwords
PamStealer malware is disguising itself as Maccy to target Mac users
Depicting of the Maccy clipboard app for macOS on a laptop with letters inb the background.

A fake version of Maccy, a popular clipboard manager for macOS, is being used to deliver a newly discovered Mac malware strain called PamStealer. Researchers at Jamf say the malware impersonates the real open-source app, but its actual purpose is to steal data and capture a victim’s login password.

PamStealer arrives as a disk image containing an AppleScript file that impersonates Maccy. Once the user opens that file, macOS launches it in Script Editor, where the on-screen instructions tell them to press Command-R. To someone expecting a normal app installer, that may look like an odd setup step. In reality, that action runs hidden malware code and starts the attack.

Read more
A new technology teaching drones to feel pain could stop your self-driving car from harming itself
Drones first, autonomous cars next. A pain-sensing system that detects failure before it happens has real stakes for self-driving vehicles.
Transportation, Vehicle, Car

When you sprain your ankle in the middle of a run, your body sends a pain signal to your brain, forcing you to stop. Essentially, the ability to sense pain stops you from pushing through the injury and causing further self-harm.

Researchers at Delft University of Technology and Wageningen University have applied this exact concept to drones, giving them a digital equivalent of a nervous system that recognizes a faulty part and triggers a pain-like warning signal. What's even more interesting is that the technology could find use in self-driving cars.

Read more
Claude Fable 5 is leaving subscriptions, but maybe not for good
High demand is pushing Claude Fable 5 out of subscriptions for now
Claude Fable 5 and Claude Mythos 5 Official Render

Anthropic’s most advanced publicly available Claude model is still leaving standard subscription access after July 7, but the company is now trying to calm fears that the move is permanent.

Fable 5 recently returned to Claude after drawing scrutiny from the U.S. government. Anthropic said it would be included on Pro, Max, Team, and select Enterprise plans for up to 50% of weekly usage limits through July 7. After that date, the model is set to move to usage-credit billing, meaning users will pay for access outside their regular plan limits.

Read more