
Attackers use fake British Gas site to spread TorrentLocker


Researchers have observed an uptick in the spread of cryptoransomware called TorrentLocker.

According to Trend Micro, the majority of new infections between June 10 and June 28 have impacted users in the U.K. and Turkey. In the United Kingdom, where researchers saw 33 percent of attacks, emails to victims were disguised as correspondence from utility companies or government agencies.

One group of suspicious emails, for instance, led to a fake British Gas website where users were directed to enter a CAPTCHA – an act that would download TorrentLocker. In March, Trend Micro noted a separate campaign spreading TorrentLocker, in which saboteurs leveraged DMARC, typically used to mitigate email abuse, to slip by users' spam filters.

In the June campaign, the firm also spotted social engineering ruses that referenced the U.K.'s Home Office and the Ministry of Justice in emails designed to trick users into installing malware.
