The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive.
The attacker lures victims to decompress the archive through embedding a corrupt and incomplete female picture. It renames files with .Jnec extension.
The ransomware encrypts data on the victim’s machine and appends the .Jnec extension to the encrypted data asking a ransom 0.05 bitcoins (about $200).
Once the ransomware has encrypted the files on the victim’s computer, it will generate a Gmail address that victims need to create in order to receive the file decryption key once they will pay the ransom.
Execution of arbitrary code.
Indicators of Compromise
|Malware Hash (MD5/SHA1/SH256)||9ebe2ee958ddd61c93400293d6903ab0 |