
DJVU ransomware variant hides in counterfeit software


It is well known that counterfeit software is a potential repository for malware and other cyber threats. Despite this, it seems, this illegal environment still offers cybercriminals plenty of room to maneuver.

Thanks to the work of Cybereason, in fact, it has been possible to identify a new strain of DJVU ransomware, spread through downloads of cracked software. Compared to previous variants, this one adopts the file extension .throw for compromised data and sometimes comes in a "bundle" with other loaders and infostealers.

In this sense, the malicious agent often works in close contact with well-known names in the cybercrime scene, such as Further, RedLine Stealer, Lumma Stealer, Ready and many others, amplifying the degree of danger.

DJVU is a ransomware derived from STOP, which usually spreads by masquerading as legitimate software.

Counterfeit software helps spread DJVU ransomware and other malware

The infection, it seems, occurs through the execution of PrivateLoader, a malware download service specially disguised to mislead victims.

Once activated, this executable contacts a command and control (C2) server to retrieve some of the malware already mentioned. The goal of DJVU, as with other ransomware, is the exfiltration of sensitive data, which then leads to double extortion.

According to experts, the decryption key is offered for $980, with the price halved if payment is made within 72 hours of infection.

All this demonstrates, once again, how dangerous counterfeit software is. Even so, limiting the possible ransomware threat to illegal software would be an understatement. In the past, in fact, even completely legitimate freeware apps have been targeted by cybercriminals.

Staying alert and using a reliable antivirus are certainly excellent precautions that greatly limit the risk of infection.
