WinRAR and TrueCrypt Installers Dropping Malware on Users’ PCs

Be careful when you download a WinRAR or TrueCrypt installer: researchers have found several websites distributing malware-infected files for both installers.

A recent report by Kaspersky Lab stated that a new malware known as StrongPity has been found in installers for WinRAR and TrueCrypt, and that it executes once the user runs the installer on their computer.

How does it work?

The malware poses as a legitimate installer by manipulating the domain name. This allows it to get linked to the sites that distribute the WinRAR and TrueCrypt installer files. Once the user clicks on the download link, it drops the malware file. Once it is installed, the malware takes control of the entire system.

The victims up till now

The malware, according to Kaspersky Lab, has hit various countries in the European region, including Italy, Belgium, and Turkey. The Middle East and Africa have also fallen prey to StrongPity.

TrueCrypt may be the biggest threat

Kaspersky researchers also revealed that, fortunately for WinRAR distributors, the malware has been removed. It was supposedly linked to their sites through fake installers.

One of the sites that was found distributing malware through a WinRAR installer

However, one of the TrueCrypt distributors’ websites was still dropping the malware on victims’ devices. Although TrueCrypt’s development has long been halted since 2008, as Microsoft integrated support for encrypted virtual disks in its newer versions of Windows following XP, the tool is still required to transfer files from TrueCrypt to BitLocker format. Through the distributor’s site, the malware has made its way to Turkey, affecting a considerable number of users.

TrueCrypt is not so Crypt

StrongPity can do more than just control

Upon further examination, it was discovered that StrongPity has the ability to infiltrate a victim’s hard disk and also steal their contact information. This means the malware can easily retrieve private data from your hard disk and also target users’ communication. Nevertheless, Kaspersky is working to remove the malware from the infected website and hopefully stop such infiltration.
