Attackers use fake British Gas site to spread TorrentLocker
Researchers have observed an uptick in the spread of TorrentLocker, a strain of crypto-ransomware.
According to Trend Micro, the majority of new infections between June 10 and June 28 have impacted users in the U.K. and Turkey. In the United Kingdom, where researchers saw 33 percent of attacks, emails to victims were disguised as correspondence from utility companies or government agencies.
One group of suspicious emails, for instance, led to a fake British Gas website where users were directed to enter a CAPTCHA – an act that would download TorrentLocker. In March, Trend Micro noted a separate campaign spreading TorrentLocker, in which saboteurs leveraged DMARC, typically used to mitigate email abuse, to slip by users' spam filters.
In the June campaign, the firm also spotted social engineering ruses that referenced the U.K.'s Home Office and the Ministry of Justice in emails meant to trick users into installing malware.