Rewterz Threat Alert – TroyStealer Malware
June 16, 2020Rewterz Threat Advisory – CVE-2020-6506 – Google Chrome WebView security bypass Vulnerability
June 16, 2020Rewterz Threat Alert – TroyStealer Malware
June 16, 2020Rewterz Threat Advisory – CVE-2020-6506 – Google Chrome WebView security bypass Vulnerability
June 16, 2020Severity
High
Analysis Summary
A new Ransomware-as-a-Service (RaaS), Avaddon, and its recent campaign. It has appeared in the wild as part of a massive spam campaign leveraging the Phorphiex/Trik Botnet for sending emails. Attached to the emails, the bodies of which simply contains a winking smiley face, is a ZIP archive containing a JavaScript file masquerading as a JPG. The JavaScript code is responsible for using both PowerShell and Bitsadmin to download and run an executable file from a remote server. On execution, the ransomware encrypts target files and appends a .avdn extension. An HTML ransom note is dropped on the system directing victims to a TOR site where they can buy a decryptor. The site includes a support chat system, free decryption test, and a help page. Researchers also discovered advertisements in Russian-speaking hacker forums attempting to recruit affiliates into their RaaS program.
Impact
File encryption
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on the emails/sent by unknown senders.