Malware News DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software

[silversurfer]

Content source

https://thehackernews.com/2023/11/djvu-ransomwares-latest-variant-xaro.html

A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software.

"While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," Cybereason security researcher Ralph Villanueva said.

A significant aspect of DJVU attacks is the deployment of additional malware, such as information stealers (e.g., RedLine Stealer and Vidar), making them more damaging in nature.

In the latest attack chain documented by Cybereason, Xaro is propagated as an archive file from a dubious source that masquerades as a site offering legitimate freeware.
Opening the archive file leads to the execution of a supposed installer binary for a PDF writing software called CutePDF that, in reality, is a pay-per-install malware downloader service known as PrivateLoader.

 

[Keyang556]

I was infected with coot stop ransom in 20191026, bundled with a crack adguard installer.

 

[Sandbox Breaker]

I was infected with coot stop ransom in 20191026, bundled with a crack adguard installer.

You need to not download cracks. Unless your a malware analyst. I've got friends asking me to ensure cracks are clean all the time. I refuse to do that. Stay away from cracks man

 

[Keyang556]

You need to not download cracks. Unless your a malware analyst. I've got friends asking me to ensure cracks are clean all the time. I refuse to do that. Stay away from cracks man

I want, but a poor student.

 

[Sandbox Breaker]

I want, but a poor student.

Poor student with Zombie PC

 

[Keyang556]

Poor student with Zombie PC

I don't hae Zombie PC