Skip to main content

Downloaders beware! Hackers just released StrongPity, a fake file-compression tool

researchers use ambient light sensor data to steal browser exhausted man computer problems desk hacking hackers malware frust
Shutterstock
New malware called StrongPity targets web surfers looking for the popular tools WinRAR and TrueCrypt, Security firm Kaspersky Lab revealed on Monday. The former is a file compression program, and the latter was once an open-source, on-the-fly encryption tool. StrongPity poses as installers for these two tools, and will provide attackers complete control of the victim’s system once installed.

According to Kaspersky Lab, the StrongPity attack is found mainly in Italy and Belgium, but the malware has also hit people in Turkey, North Africa, and the Middle East. On the WinRAR front, the malware is served up on fake websites that use two transposed letters in their domain names to resemble an authentic installer site. The file’s link on the fake domain is then provided to a legitimate WinRAR distributor site.

Recommended Videos

“Kaspersky Lab data reveals that in the course of a single week, malware delivered from the distributor site in Italy appeared on hundreds of systems throughout Europe and Northern Africa/Middle East, with many more infections likely,” the firm said. “Over the entire summer, Italy (87 percent), Belgium (5 percent) and Algeria (4 percent) were most affected. The victim geography from the infected site in Belgium was similar, with users in Belgium accounting for half (54 percent) of more than 60 successful hits.”

Kaspersky Lab first saw this method taking place in Belgium on May 28. Prior to that, the security firm witnessed an Italian WinRAR distribution site directly handing out the fake WinRAR installer instead of linking to an impostor site. The good news here is that all affected WinRAR distribution sites have removed the infected file and/or fraudulent mirror links. The bad news is that the StrongPity attack is still ongoing.

What’s surprising it that StrongPity is presently attacking its victims through TrueCrypt installers. Development of this tool ended in May 2014 once Microsoft pulled the plug on Windows XP’s life support. TrueCrypt was no longer needed because Microsoft baked support for encrypted disks and virtual disk images into Windows Vista and newer versions. Thus, the only service the TrueCrypt developer provides now concerns the steps involved in migrating from the TrueCrypt format to BitLocker.

The firm said on Monday that the infected TrueCrypt installer was still active at the end of September. Apparently there is only one fraudulent TrueCrypt website handing out the infected installer, which experienced increased activity in May, claiming 95 percent of its victims in Turkey.

Kurt Baumgartner, principal security researcher at Kaspersky Lab, made the initial announcement regarding StrongPity’s discovery in a paper presented during the Virus Bulletin 2016 conference. He said that StrongPity is similar to Crouching Yeti/Energetic Bear that trojanized legitimate IT software installers and compromised “genuine distribution sites.” This type of attack is an “unwelcome and dangerous” trend that needs to be addressed by the security industry, he added.

In addition to completely taking over a victim’s computer, hackers behind the StrongPity attack can also steal the contents of a hard drive, and download additional modules that will scoop up the infected PC’s communications and contacts. Naturally, Kaspersky Lab software will detect and remove the StrongPity malware.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
At basically $105, the Ryzen 5 7600X is the best gaming CPU to buy right now
The Ryzen 5 7600X sitting among thermal paste and RAM.

I don't usually get my hopes up for Black Friday CPU deals, but I found one that's just too good to pass up. Right now, you can get the Ryzen 5 7600X -- still one of the best processors for value-focused gaming -- for basically $105. No, that's not the actual price listed on Newegg where you'll find the deal, but there's a lot going on with this sale.

For starters, the CPU itself is marked down by 24%, bringing the $299 list price down to $225. Not a great deal for a last-gen chip. However, you can save an additional $30 by using the promo code BFEDY2A33, and more importantly, you'll get a free Kingston NV3 1TB hard drive with the order. That's a PCIe 4.0 SSD that normally costs $90.

Read more
This Asus laptop with Copilot+ is $350 off at Best Buy
Asus Vivobook S 15 CoPilot+ front view showing display and keyboard.

You can do quite a bit of gaming on the go these days, thanks to all the handheld consoles and gaming laptops that are on the market. Regarding the latter, we’re always on the lookout for top discounts on the gaming gear we all want to own, which leads us to this wonderful discovery:

For a limited time, when you purchase the Asus Vivobook S 15 with Copilot+ at Best Buy, you’ll pay $550. At full price, this model sells for $900. We tested this PC earlier this year, and our reviewer said the following: “The Asus Vivobook S15 is the best large-display Copilot+ laptop so far in an old-school form factor.”

Read more
This gorgeous Mac mini hub exacerbates the power button placement problem
M4 Mac mini with Satechi hub on a desk.

Satechi, known for its high-quality tech accessories, is updating its Mac mini hub for the new M4 model. Like previous hubs, it allows Mac mini owners to expand their storage and ports while preserving airflow, wireless signal, and performance. It looks awesome, but this time, the design highlights the problematic nature of the new Mac mini's placement of its power button.

With previous Mac mini models, the power button was at the back, making it easily accessible even when it was in a Satechi hub. The new button placement on the bottom of the PC, however, may prove even more annoying for anyone who wants to buy this accessory.

Read more