October 12, 2016 By Larry Loeb 2 min read

Users in the market for encryption software are generally astute when it comes to security. They’re unlikely to be duped by social engineering ploys.

Ironically, this makes them valuable targets for cybercriminals. According to Kaspersky Lab research, one group of attackers went after more than 1,000 encryption software users in Europe, North Africa and the Middle East.

Clever Misdirection

The attacks, known as StrongPity, emulate the Crouching Yeti advanced persistent threat (APT) activity observed in early 2014, Kaspersky Lab reported.

The attackers behind the Crouching Yeti events turned software installers, such as virtual private network (VPN) and camera software installers, into Trojans that access victims’ networks. StrongPity used the same technique, but it leveraged different software groups. Unlike Crouching Yeti, StrongPity specifically targeted users of encryption installers.

The attacks involved some clever misdirection. The actors launched a website that mimicked the genuine WinRAR site, complete with malicious links that redirected users to malware installers hosted on ralrab.com, a deceptive play on the legitimate URL, rarlab.com. The group hit the Italian support site, which explains why 87 percent of victims were located in Italy, according to the report.

This fake site went the extra mile by generating a recommended package for each individual victim based on browser location and processor capability. Of course, the package contained a tainted version of WinRAR.

Targeting Encryption Software

StrongPity didn’t stop there. The group also created a fake TrueCrypt website in an attempt to mislead visitors. Users who accessed the download website Tamindir were redirected to the phony site, where, again, malicious links awaited.

“The StrongPity droppers were often signed with unusual digital certificates, dropping multiple components that not only provide complete control of the victim system, but effectively steal disk contents and can download components for further collection of various communications and contacts,” Kurt Baumgartner, principal security researcher at Kaspersky Lab, wrote on the blog.

In other words, this malware wants to take over your machine and spy on you. It’s simple, really — harden up or be compromised.

More from

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today