Thursday, July 25, 2024

Hackers Delivered a Lockbit Ransomware Through Fake Copyright Claim E-mail

One of the interesting tricks used by LockBit affiliates is disguising their malware as copyright claims in order to trick users into infecting their devices with ransomware.

There is a copyright violation notice sent through email to these users, apparently containing information that they are using media files without permission from the creators. 

It is because of such emails that recipients are urged to remove content that they consider infringing on their websites.

Technical Analysis

Cybersecurity researchers at South Korean security firm, AhnLab identified the emails, but they were unable to determine which files were being unfairly used in the body of the emails. 

The recipient should instead be asked to open and download the attached file in order to view the content deemed infringing. The email attachment sent by the threat actors is a ZIP archive and this ZIP archive is password protected. 

While this ZIP file contains a compressed file that contains a copy of a PDF document which is actually an NSIS installer that is disguised as a PDF document.

This is done for the purpose of evading detection from email security software, which is why there is mandatory wrapping and password protection.

An encrypted file has an extension called .lockbit and has an icon that indicates its encryption status. Furthermore, the folder with the encrypted files has a ransom note named ‘Restore-My-Files.txt’ created inside of it.

Fake Copyright Claims

It is possible for a victim to view what images are being used illegally by simply opening the document intended to be a PDF attached to the email. If they open it, the malware will be loaded and the LockBit 2.0 ransomware will be used to encrypt the device.

In any case, you need not be surprised by LockBit using copyright violations as a tactic for malware distribution. Since it is a common lure that is used nowadays in several malware distribution campaigns.

Publishers of content should seriously consider this issue of copyright claims if they want to avoid legal issues in the future. 

If the notification doesn’t give you any concrete details about the violation or you are required to open attached files in order to view details in the complaint, then it is unlikely that it is a legitimate notice.

Users may run attached files without realizing they have done it, as e-mails distributing malware types like this may contain the name of the actual illustrator, whose work they are viewing. Therefore, users should be very cautious when they are downloading such attachments.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.


Latest articles

ShadowRoot Ransomware Attacking Organizations With Weaponized PDF Documents

A rudimentary ransomware targets Turkish businesses through phishing emails with ".ru" domain sender addresses....

BreachForumsV1 Database Leaked: Private messages, Emails & IP Exposed

BreachForumsV1, a notorious online platform for facilitating illegal activities, has reportedly suffered a massive...

250 Million Hamster Kombat Players Targeted Via Android And Windows Malware

Despite having simple gameplay, the new Telegram clicker game Hamster Kombat has become very...

Beware Of Malicious Python Packages That Steal Users Sensitive Data

Malicious Python packages uploaded by "dsfsdfds" to PyPI infiltrated user systems by exfiltrating sensitive...

Chinese Hackers Using Shared Framework To Create Multi-Platform Malware

Shared frameworks are often prone to hackers' abuses as they have been built into...

BlueStacks Emulator For Windows Flaw Exposes Millions Of Gamers To Attack

A significant vulnerability was discovered in BlueStacks, the world's fastest Android emulator and cloud...

Google Chrome 127 Released with a fix for 24 Security Vulnerabilities

Google has unveiled the latest version of its Chrome browser, Chrome 127, which is...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles