Rakhni Malware is adding Miner or Ransomware to your System

Rakhni malware lets attackers plant either a miner or ransomware on your computer. The malware, also known as Trojan-Ransom.Win32.Rakhni, was first discovered in 2013 and neutralized at the time. Now it has returned with new tricks up its sleeve: researchers at Kaspersky Labs found that the malware lets the attacker choose between dropping a cryptocurrency miner and dropping ransomware.

According to researchers at Kaspersky Labs, the malware has three tricks. First, it allows the attacker to install a miner. The miner hijacks your CPU cycles so the attacker can mine cryptocurrency without your consent. Second, it allows the attacker to install ransomware. The encryption program encrypts all your files and presents you with a payment deadline. If the ransom is not paid by the deadline, your files stay locked forever.

That is not all: Kaspersky Labs says the malware has a third mode of attack. It turns the victim's machine into a link in a distribution chain, spreading a network worm. A worm is a program that copies itself from machine to machine, eating up computer resources as it goes.

The malware is currently infecting computers in Russia. It is delivered through spam email campaigns. The most striking thing about it is that it does not arrive as an obvious .exe but disguised as a PDF file. Once you open the download, it launches an executable and displays an error message. That is the end of the visible, front-end work. Behind the scenes, it first checks whether a specific folder, %AppData%\Bitcoin, is present. If the folder is found, it downloads the encryptor tool rather than the miner.

If the folder is not found, it downloads the miner, but only if the computer has more than two logical processors. The encryptor is the interesting part here: it starts encrypting your files once you leave your PC idle for 2 minutes!

The miner has an interesting feature of its own: it is signed with a fake Microsoft Corporation certificate, which helps it remain on the system without being detected.

But what if both of these methods fail?

Then the trojan falls back on its third and final method. Suppose your computer has no cryptocurrency folder and only one logical processor. In that case the trojan activates its worm feature, which copies the malware across the victim's computer and onto every other computer on the local network.
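The branching logic described above (wallet folder, logical processor count, forged Microsoft signature) gives a defender concrete things to check on a host. The script below is an added example written for this post, not Kaspersky's or the author's code; `$ScanPath` is an assumed parameter for the directory whose binaries you want to inspect, and the folder path, processor threshold and signer name are taken from the article.

```powershell
# Added example: triage a Windows host against the Rakhni decision logic
# reported above. $ScanPath is an assumed location, adjust to taste.
param(
    [string]$ScanPath = (Join-Path $env:LOCALAPPDATA 'Temp')
)

function Get-RakhniExpectedPayload {
    # Mirror the dropper's reported branching so an analyst knows which
    # behaviour (encryptor, miner or worm) to hunt for on this particular host.
    $bitcoinDir = Join-Path $env:APPDATA 'Bitcoin'      # %AppData%\Bitcoin
    $hasWallet  = Test-Path -Path $bitcoinDir -PathType Container
    $cpus       = [Environment]::ProcessorCount         # logical processors

    if ($hasWallet)      { $payload = 'encryptor (ransomware, fires after 2 min idle)' }
    elseif ($cpus -gt 2) { $payload = 'miner (forged Microsoft signature)' }
    else                 { $payload = 'worm (copies itself across the local network)' }

    [pscustomobject]@{
        BitcoinFolder     = $bitcoinDir
        BitcoinFolderSeen = $hasWallet
        LogicalCpus       = $cpus
        ExpectedPayload   = $payload
    }
}

function Find-SuspiciousMicrosoftSigned {
    # The miner carries a fake "Microsoft Corporation" certificate. A genuine
    # Microsoft binary validates (Status = Valid); a forged one names Microsoft
    # in the signer subject but fails validation, which is the combination we flag.
    param([string]$Path)
    Get-ChildItem -Path $Path -Include *.exe,*.dll -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig     = Get-AuthenticodeSignature -FilePath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            if ($subject -match 'Microsoft Corporation' -and $sig.Status -ne 'Valid') {
                [pscustomobject]@{ File = $_.FullName; Status = $sig.Status; Signer = $subject }
            }
        }
}

Get-RakhniExpectedPayload | Format-List
Find-SuspiciousMicrosoftSigned -Path $ScanPath | Format-Table -AutoSize
```

An empty table from the second function only means nothing in `$ScanPath` carries a failing Microsoft-named signature; it says nothing about binaries elsewhere on the host.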

When your computer is infected, the ransom message reads as follows, according to the researchers at Kaspersky:

The ransom note also warns the victim that using third-party decryptors can corrupt the files so badly that even the original decryptor would no longer be able to recover them. Its last sentence informs the victim that all requests will be processed by an automated system.

A decryption tool is, however, now available.

The Rakhni malware has gone through several changes to its architecture and keeps finding new ways to intrude into systems. The people working in anti-virus labs are doing everything they can to stop these attacks. On your side, use a Total Security AV product, or at least an Internet Security product, to stay protected.

