This ransomware sneakily infects victims by disguising itself with anti-virus software
Researchers at Trend Micro have uncovered a sneaky new campaign involving the notorious Dharma ransomware that has been targeting companies around the globe since at least 2016. In order to increase the success rate of their attacks, the threat actors behind Dharma have now integrated it into a phony anti-virus package.
As in previous campaigns, the attackers are sending malicious phishing emails to potential victims. This time, the lure is a warning that the user’s computer has been “corrupted” and that the problem requires the installation of updated anti-virus software. A link to the solution is provided. If the user clicks on the link, a corrupted anti-virus package of the well-known AV brand ESET is downloaded onto the targeted computer. An ESET installation window opens, requiring the user’s interaction. But while the user follows the seemingly legitimate installation process, Dharma is running in the background, encrypting files on the infected machine. After the fake installation, a ransom note pops up, urging the user to pay in order to regain access to their data.
Raphael Centeno of Trend Micro says this campaign shows that “many malicious actors are still trying to upgrade old threats and use new techniques,” and that “[r]ansomware remains a costly and versatile threat.”