Fake copyright infringement emails install LockBit ransomware

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims.

The recipients of these emails are warned about a copyright violation, allegedly having used media files without the creator's license. These emails demand that the recipient remove the infringing content from their websites, or they will face legal action.

The emails, spotted by analysts at AhnLab, Korea, do not determine which files were unfairly used in the body and instead tell the recipient to download and open the attached file to see the infringement content.

The attachment is a password-protected ZIP archive containing a compressed file, which in turn has an executable disguised as a PDF document, but in reality, is an NSIS installer.

The reason for this wrapping and password protection is to evade detection from email security tools.

If the victim opens the supposed "PDF" to learn what images are being used illegally, the malware will load and encrypt the device with the LockBit 2.0 ransomware.
 
  • +Reputation
  • Like
Reactions: harlan4096 and Jack

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top