
FTCODE ransomware acquires info-stealing powers

The recently discovered ransomware FTCODE has evolved to include new information-stealing capabilities, and is now infecting victims via VBScript links in phishing emails.

Researchers from the Zscaler ThreatLabZ team, who say they first discovered the PowerShell-based malware, detailed the latest changes in a blog post late last week.

The new iteration, version 1117.1, contains code that steals credentials from Internet Explorer, Mozilla Firefox and Thunderbird, Google Chrome and Microsoft Outlook.

When a target clicks on a VBScript link within the phishing email, the FTCODE PowerShell script is loaded. "The script first downloads a decoy image into the %temp% folder and opens it trying to trick users into believing that they simply received an image, but in the background, it downloads and runs the ransomware," explain Zscaler researchers and blog post authors Rajdeepsinh Dodia, Amandeep Kumar and Atinderpal Singh.

Prior to leveraging VBScript links, FTCODE's distributors had been sending out spam emails with attached documents containing malicious macros that, when opened, infected the target.

The ransomware component works by searching drives that have at least 50kb of free space for a wide range of file types. It reportedly uses AES encryption to scramble the affected files, then instructs victims in a note to download the Tor browser, open a specific link and follow instructions to pay up.
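For defenders, the decoy-image step the researchers describe can be hunted in endpoint telemetry. The following is an added example, not code from Zscaler or from this article: it flags a PowerShell process that was started by a Windows Script Host binary and then wrote an image file into a Temp folder. The event schema, the sample events, and the assumption that the VBScript launches powershell.exe as a direct child process are all constructed for illustration.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host binaries that run VBScript
POWERSHELL = {"powershell.exe", "pwsh.exe"}
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events in a simplified, hypothetical schema (not real telemetry).
EVENTS = [
    {"type": "process", "pid": 5288, "image": PS,
     "parent_image": r"C:\Windows\System32\wscript.exe"},
    {"type": "file", "pid": 5288, "path": r"C:\Users\alice\AppData\Local\Temp\invoice.jpg"},
    # Benign: interactive PowerShell saving an image outside Temp.
    {"type": "process", "pid": 6100, "image": PS,
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "file", "pid": 6100, "path": r"C:\Users\alice\Documents\report.png"},
    # Script-host child that only writes a log file: not the decoy pattern.
    {"type": "process", "pid": 7000, "image": PS,
     "parent_image": r"C:\Windows\System32\cscript.exe"},
    {"type": "file", "pid": 7000, "path": r"C:\Users\alice\AppData\Local\Temp\setup.log"},
]

def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def in_temp(path):
    """True if any directory component of the path is named 'Temp'."""
    parts = ntpath.normpath(path).lower().split("\\")
    return "temp" in parts[:-1]

def find_decoy_chains(events):
    """Return (pid, path) for script-host-spawned PowerShell that wrote an image into Temp."""
    suspects, hits = set(), []
    for ev in events:
        if ev["type"] == "process":
            if base(ev["image"]) in POWERSHELL and base(ev["parent_image"]) in SCRIPT_HOSTS:
                suspects.add(ev["pid"])
        elif ev["type"] == "file" and ev["pid"] in suspects:
            ext = ntpath.splitext(ev["path"])[1].lower()
            if ext in IMAGE_EXT and in_temp(ev["path"]):
                hits.append((ev["pid"], ev["path"]))
    return hits

if __name__ == "__main__":
    for pid, path in find_decoy_chains(EVENTS):
        print(f"ALERT pid={pid}: script-host-spawned PowerShell wrote image to Temp: {path}")
```
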

Bradley Barth

