GandCrab 4 Ransomware Now Infects Via Software Cracks

The creators of GandCrab ransomware do not sleep: according to recent reports, the virus has been detected infecting users via what appear to be cracks for games and other software.

The GandCrab ransomware has been steadily updated with more and more improvements to its methods of infection and to the malware itself. The virus has passed through several internal versions and is now officially at version 4.4, as researchers have recently detected. Several features have been removed and others added, but most have remained the same, aside from the fact that the GandCrab 4 malware now uses the .exe files of cracks for games or licensed software to infect victims.

GandCrab 4 Targets Users from Low-Rep Sites, Offering Cracks

During the course of their investigations, researchers detected the virus using WordPress sites, which are often used by malware authors because they are easy to set up and easy to exploit. On one of the websites, the researchers found web pages containing download links to GandCrab 4’s executable file, masked as cracks for the following programs:

  • Merging Image to PDF 2.8.0.4
  • Securitask 2005 1.40H
  • SysTools PST Merge 3.3

Researchers at Fortinet have even found the pages to be well-written and well-structured, with a detailed description of the program the user is looking for a crack for. The main idea is that the user should trust the site in order to download and run the crack.

Image Source: Fortinet

Significant Change in GandCrab 4’s Encryption

The virus has undergone several changes here and there, like the wallpaper no longer being used and several of its features removed. The biggest change (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Vencislav Krustev. Read the original post at: https://sensorstechforum.com/gandcrab-4-ransomware-now-infects-via-cracks/