New Sextortion Campaign Installs GandCrab Ransomware on your System

  • A new sextortion campaign installs GandCrab ransomware on the victim’s system.
  • The new campaign was spotted by researchers at Proofpoint on December 5.
  • Attackers threaten users, claiming they have a video of the user doing illicit activity.
  • Users who download the file will be infected with AZORult malware.
  • The malware will immediately download and install GandCrab ransomware on the victim’s system.

Security researchers have discovered a new sextortion campaign which installs GandCrab ransomware on the victim’s PC.

Sextortion scam emails are messages in which threat actors threaten users, claiming that they have hacked their computer and have compromising information about them. These emails may also contain your passwords, which were leaked during past data breaches.

Users are asked to pay a ransom, or the attackers threaten to share the information with all of their contacts. Users should be aware that these are just scams: your computer was not hacked, and the attacker does not have any compromising information about you.

The new campaign was discovered by researchers at Proofpoint. Instead of a bitcoin payment, users are asked to download a video containing compromising activities of the user.

The user is asked to click a link which contains the video. If the user clicks the link, a zip file containing malicious files is downloaded.

Users who download the file and execute it will be infected with the AZORult malware. The malware in turn immediately downloads and installs GandCrab ransomware on the victim’s system.

“However, this week Proofpoint researchers observed a sextortion campaign that also included URLs linking to AZORult stealer that ultimately led to infection with GandCrab ransomware,” Proofpoint researchers said in their post.

Researchers spotted the new campaign on December 5 targeting users in the United States.

There is a higher chance that users will fall for this trick, because most of them will click the link to confirm whether the video exists or not.

The AZORult malware will extract information such as login data, cookies, files, chat history and other data from your computer.

After that, the GandCrab ransomware will encrypt your data, and you will be asked to pay a ransom of $500 in Bitcoin or DASH to decrypt your files.

If you have received this email, it is just a scam, and they do not have any videos of you. However, if you are still using the password mentioned in that email, you are advised to change it immediately.

