Downloaders beware! Hackers just released StrongPity, a fake file-compression tool

New malware called StrongPity targets web surfers looking for the popular tools WinRAR and TrueCrypt, security firm Kaspersky Lab revealed on Monday. The former is a file compression program, and the latter was once an open-source, on-the-fly encryption tool. StrongPity poses as installers for these two tools, and will give attackers complete control of the victim’s system once installed.

According to Kaspersky Lab, the StrongPity attack is found mainly in Italy and Belgium, but the malware has also hit people in Turkey, North Africa, and the Middle East. On the WinRAR front, the malware is served up on fake websites that use two transposed letters in their domain names to resemble an authentic installer site. The link to the file on the fake domain is then placed on a legitimate WinRAR distributor site.
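The transposed-letter lookalike domains described above can be hunted for in web proxy logs. The following is an added example, not code from Kaspersky Lab or the original article: the allow-list hosts, the log format, and the log lines are constructed placeholders, and the check covers any swap of two letters, adjacent or not.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of vendor download hosts (constructed placeholders).
KNOWN_GOOD = {"archiver.example", "diskcrypt.example"}

# Constructed proxy log lines in an assumed format: "<client> <method> <url>"
SAMPLE_LOG = """\
10.0.0.5 GET http://archiver.example/dl/setup.exe
10.0.0.7 GET http://www.acrhiver.example/dl/setup.exe
10.0.0.9 GET http://diskcyrpt.example/installer.exe
10.0.0.9 GET http://unrelated.example/index.html
10.0.0.4 GET http://archivex.example/dl/setup.exe
"""

def transposed_from(host, good):
    """True if host is `good` with exactly two letters swapped."""
    if len(host) != len(good) or host == good:
        return False
    diff = [i for i, (a, b) in enumerate(zip(host, good)) if a != b]
    return (len(diff) == 2
            and host[diff[0]] == good[diff[1]]
            and host[diff[1]] == good[diff[0]])

def normalize(url):
    """Lower-case the hostname and drop a leading 'www.' label."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def find_lookalikes(log_text, known_good=KNOWN_GOOD):
    """Return (client, requested_host, imitated_host) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        client, _method, url = parts
        host = normalize(url)
        if host in known_good:
            continue  # exact match with a trusted host is not a lookalike
        for good in sorted(known_good):
            if transposed_from(host, good):
                hits.append((client, host, good))
    return hits

if __name__ == "__main__":
    for client, host, good in find_lookalikes(SAMPLE_LOG):
        print(f"{client} requested {host} (lookalike of {good})")
```

A single-character substitution such as `archivex.example` is deliberately not flagged here; that needs a general edit-distance check rather than a transposition test.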

“Kaspersky Lab data reveals that in the course of a single week, malware delivered from the distributor site in Italy appeared on hundreds of systems throughout Europe and Northern Africa/Middle East, with many more infections likely,” the firm said. “Over the entire summer, Italy (87 percent), Belgium (5 percent) and Algeria (4 percent) were most affected. The victim geography from the infected site in Belgium was similar, with users in Belgium accounting for half (54 percent) of more than 60 successful hits.”

Kaspersky Lab first saw this method taking place in Belgium on May 28. Prior to that, the security firm witnessed an Italian WinRAR distribution site directly handing out the fake WinRAR installer instead of linking to an impostor site. The good news here is that all affected WinRAR distribution sites have removed the infected file and/or fraudulent mirror links. The bad news is that the StrongPity attack is still ongoing.

What’s surprising is that StrongPity is presently attacking its victims through TrueCrypt installers. Development of this tool ended in May 2014 once Microsoft pulled the plug on Windows XP’s life support. TrueCrypt was no longer needed because Microsoft baked support for encrypted disks and virtual disk images into Windows Vista and newer versions. Thus, the only service the TrueCrypt developer provides now concerns the steps involved in migrating from the TrueCrypt format to BitLocker.

The firm said on Monday that the infected TrueCrypt installer was still active at the end of September. Apparently there is only one fraudulent TrueCrypt website handing out the infected installer, which experienced increased activity in May, claiming 95 percent of its victims in Turkey.

Kurt Baumgartner, principal security researcher at Kaspersky Lab, made the initial announcement regarding StrongPity’s discovery in a paper presented during the Virus Bulletin 2016 conference. He said that StrongPity is similar to Crouching Yeti/Energetic Bear, which trojanized legitimate IT software installers and compromised “genuine distribution sites.” This type of attack is an “unwelcome and dangerous” trend that needs to be addressed by the security industry, he added.

In addition to completely taking over a victim’s computer, hackers behind the StrongPity attack can also steal the contents of a hard drive, and download additional modules that will scoop up the infected PC’s communications and contacts. Naturally, Kaspersky Lab software will detect and remove the StrongPity malware.

Kevin Parrish
Former Digital Trends Contributor