The cyber criminals behind Dridex and Locky ransomware have started distributing new file-encrypting software named Bart. According to security company Proofpoint, the RockLoader malware is used to download Bart over HTTPS. Bart itself encrypts files without first connecting to a remote command and control (C&C) server.
The malware campaign has involved sending messages with the subject "Photos" that carry a zipped attachment with a name like "photos.zip", "image.zip", "Photos.zip", "photo.zip", "Photo.zip", or "picture.zip", containing a malicious JavaScript file (e.g. PDF_123456789.js).
More details can be found in the Proofpoint blog post here.