WinRAR is one of the best tools for archiving files on Windows, handling both compression and extraction, whereas TrueCrypt is a discontinued on-the-fly encryption tool. StrongPity targets computers by disguising itself as an installer for this software and gaining full control. It may also try to steal files, corrupt them, or even download new modules onto the machine. The malware has been observed in locations around the world, including Turkey, North Africa, and the Middle East and, according to Kaspersky Lab, the infected code mainly resides in Italy and Belgium. To fool users, the attackers transpose two letters in their domain names, keeping the URL as close as possible to the authentic installer site. The file link of the installer is then redirected to the legitimate WinRAR distributor site, and this is just the WinRAR front. In the image below, you’ll be able to spot a blue button that we have highlighted, which reroutes users to ‘ralrab[.]com’, taking victims to corrupted software sites; in some cases (one of which was recorded in Italy), users were directed not to sham websites but to the StrongPity malware itself.

Apart from that, the malware was also reportedly directing users to deceitful, corrupt web pages instead of the TrueCrypt software installer. Though many of the tainted WinRAR links have been removed, some TrueCrypt installers still remain, as suggested by Kaspersky Lab’s September report. Development of TrueCrypt was discontinued in May 2014 after Microsoft abandoned Windows XP. Kurt Baumgartner, the principal security researcher at Kaspersky Lab, compares StrongPity to the Crouching Yeti/Energetic Bear attacks that took over and infected authentic software distribution websites. He refers to this trend as “unwelcome and dangerous” and says it must be addressed immediately. The most we can do is keep our users updated and advise them to be smart and cautious while installing utilities, as they might contain deceptive links. Destructive malware like StrongPity can easily turn your PC into a damaged machine.
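As an added example (not from the original article or from Kaspersky Lab), the Python check below flags a download link whose host is a trusted domain with two neighbouring letters swapped, the trick behind ‘ralrab[.]com’. The allowlist, function names, and sample URLs are assumptions constructed for illustration; rarlab.com is the WinRAR publisher's site.

```python
from urllib.parse import urlsplit

# Assumption: an allowlist of genuine download domains kept by the defender.
TRUSTED_DOMAINS = {"rarlab.com"}

def host_of(url):
    """Return the lower-cased host of a URL, accepting defanged report notation."""
    url = url.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def suffixes(host):
    """'dl.ralrab.com' -> ['dl.ralrab.com', 'ralrab.com', 'com']."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def is_adjacent_transposition(a, b):
    """True if b equals a with exactly one pair of neighbouring characters swapped."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def classify(url, trusted=TRUSTED_DOMAINS):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    candidates = suffixes(host_of(url))
    for good in sorted(trusted):
        if good in candidates:          # exact domain or one of its subdomains
            return ("trusted", good)
    for good in sorted(trusted):
        if any(is_adjacent_transposition(good, c) for c in candidates):
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links; only 'ralrab[.]com' itself appears in the article.
    for link in ["https://www.rarlab.com/download.htm",
                 "ralrab[.]com",
                 "http://dl.ralrab.com/setup.exe",
                 "example.org"]:
        print(link, "->", classify(link))
```

A "lookalike" verdict is a reason to block or investigate the link, while "unknown" only means the host is not on the allowlist.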
