Users looking to download programs such as WinRAR and TrueCrypt from the Internet can become victims of the cyber-attack group StrongPity, with cases already reported in Italy, Belgium, Turkey, North Africa and the Middle East, according to findings presented at Virus Bulletin by Kaspersky Lab researcher Kurt Baumgartner.
According to the source, StrongPity is an advanced group of the APT (Advanced Persistent Threat) type that is interested in information and encrypted messages.
‘In the last few months, Kaspersky Lab observed a significant increase in attacks against users who search for two known encryption programs: WinRAR and system TrueCrypt. The StrongPity malware includes components that give attackers full control over the victim's system, allowing them to steal content from the hard disk and download additional modules to collect messages and contacts. To date, Kaspersky Lab has detected visits to StrongPity sites and the presence of certain StrongPity components in over 1,000 systems concerned,’ notes a Kaspersky Lab press release.
Specialists explain that, in order to catch victims, the attackers created fake websites, in one case transposing two letters in a domain name to fool users into believing it was a legitimate site from which they could install WinRAR. Afterward, they placed a very visible link to the malicious domain on a site in Belgium, apparently replacing the recommended site link with the malicious one. Visitors to that site were led to the StrongPity compromised website.
Company data shows that, during a single week, the malware ‘delivered’ from the site in Italy appeared on hundreds of systems in Europe and North Africa or the Middle East, with the possibility of a much larger number of infections.