Data wipers posing as ransomware are being distributed through malicious adult websites, BleepingComputer reports.
Threat actors have leveraged websites with host names suggesting that they were offering nude photos, which seek users to download the SexyPhotos.JPG.exe executable, a report from Cyble revealed.
Double-clicking the JPG-impersonating executable prompts the deployment and execution of four other executables and a batch file, which then copies the executables to the Windows Startup folder to build persistence. One of the executables dubbed "windowss.exe" triggers the delivery of the "windows.bat" file tasked for file renaming, while another executable "windll.exe" prompts the delivery of ransom notes.
While no data has been stolen by the fraudulent ransomware strain, it has been found to have the capability to delete nearly all files within victims' drives, according to researchers.
"Even if a decryptor is provided, renaming files to their original file name is impossible as the malware is not storing them anywhere during the infection," researchers added.
Hamas spokesperson Hudhayfa Samir Abdallah al-Kahlut, also known as "Abu Ubaida," has been sanctioned by the U.S. Treasury Department for his leadership of the group's cyber influence operations, reports The Record, a news site by cybersecurity firm Recorded Future.
TechCrunch reports that U.S. conservative think tank The Heritage Foundation was working on addressing a cyberattack against its systems last week, but investigation into whether any of its data was compromised is still underway.
Iranian state-backed threat operation MuddyWater, also known as TA450, Mango Sandstorm, and Boggy Sandstorm, has leveraged the novel DarkBeatC2 command-and-control infrastructure tool as part of its latest attack campaign, The Hacker News reports.