Remove Varenyky Trojan (Spambot) and Stop Sextortion

Update September 2019.
Varenyky is a dangerous Trojan with spyware functionality that also operates as a spambot. Security researchers believe that the Varenyky spambot is currently under heavy development, meaning that it is going to evolve. At the heart of the Varenyky spambot operation is sextortion. The Trojan is designed to steal passwords and to spy on victims’ screens via FFmpeg when they watch adult content.

Varenyky also communicates with its command and control server via Tor, and the spam that activates the operation is sent via email.

Threat Summary

Name: Varenyky
Type: Trojan, Spambot
Short Description: Varenyky is a Trojan and a spambot that is currently distributed via phishing and spam emails.
Symptoms: Victims may not experience any visible symptoms of infection.
Distribution Method: Spam emails and phishing.

Varenyky Trojan and Spambot – Distribution Methods

According to WeLiveSecurity researchers, the Varenyky Trojan is currently targeting France, and more specifically, the users of Orange S.A., a French ISP. The main distribution channel of the spambot is phishing emails. The researchers came across a spam campaign that redirected to a survey and a bogus smartphone promotion. However, another campaign relies on sextortion principles and spies on the victim’s screen while they are visiting adult websites.

One of the malicious documents distributing Varenyky is attached to an email stating that a bill of €491.27 is available. Upon opening the supposed bill, the victim is notified that the document is protected by Microsoft Word and needs human verification. In other words, the victim is prompted to enable macros.

It is curious to note that the macro detected in this Word document uses the function Application.LanguageSettings.LanguageID() to obtain the language ID of the victim’s computer.

“This ID contains the country and the language set by the user. The script checks if the value returned is 1036 in decimal (or 0x40C in hexadecimal) and according to the Microsoft documentation this value corresponds to France and the French language,” WeLiveSecurity researchers explained.

Varenyky Trojan – Technical Overview

As already mentioned, the Varenyky Trojan is currently targeting French victims via fake invoices in the form of Microsoft Word documents that prompt them to enable macros. When the potential victim opens the document and the macro is executed, the operation makes sure that the user is indeed French. If the victim is of another nationality, the malware operation ceases. If the French origin is confirmed, the malware communicates with its command and control server to determine what components to download. Varenyky also installs a piece of software that steals passwords and spies on victims via FFmpeg when they are watching pornographic content online.
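For analysts triaging suspicious attachments, the language check described above (LanguageID compared with 1036 / 0x40C) can be flagged in macro source that has already been extracted to text. The following is an added example, not code from the original article or from WeLiveSecurity; the sample macro, the function names and the extra LCID entries are constructed for the demonstration.

```python
import re

# Windows LCIDs. 1036 (0x40C, French/France) is the value quoted on this page;
# the other entries are well-known LCIDs included for illustration.
KNOWN_LCIDS = {1033: "en-US", 1031: "de-DE", 1036: "fr-FR", 1040: "it-IT"}

_LANG_CALL = re.compile(r"LanguageSettings\s*\.\s*LanguageID\s*\(", re.I)
# An assignment such as: lang = Application.LanguageSettings.LanguageID(...)
_ASSIGN = re.compile(r"^\s*(\w+)\s*=\s*[\w.]*LanguageSettings", re.I)
# A comparison against a VBA numeric literal: decimal (1036) or hex (&H40C).
_COMPARE = re.compile(r"(?:<>|=)\s*(&H[0-9A-Fa-f]+|\d+)")


def _vba_int(token):
    return int(token[2:], 16) if token.upper().startswith("&H") else int(token)


def find_locale_gates(vba_source):
    """Return (line_no, lcid, locale) for each comparison of LanguageID() or a
    variable assigned from it against a numeric literal."""
    hits, tracked = [], set()
    for line_no, line in enumerate(vba_source.splitlines(), 1):
        code = line.split("'", 1)[0]  # crude: drops the VBA comment tail
        call = _LANG_CALL.search(code)
        assign = _ASSIGN.match(code)
        if call and assign:
            tracked.add(assign.group(1).lower())  # remember the variable name
            continue
        starts = [call.end()] if call else []
        for name in tracked:
            starts += [m.end() for m in re.finditer(r"\b%s\b" % re.escape(name), code, re.I)]
        for start in starts:
            cmp_ = _COMPARE.search(code, start)
            if cmp_:
                lcid = _vba_int(cmp_.group(1))
                hits.append((line_no, lcid, KNOWN_LCIDS.get(lcid, "unknown")))
    return hits


# Constructed sample for the demonstration; not the real Varenyky macro.
SAMPLE_MACRO = """\
Sub AutoOpen()
    ' bail out unless Office reports French (France)
    If Application.LanguageSettings.LanguageID(msoLanguageIDUI) <> 1036 Then Exit Sub
    lang = Application.LanguageSettings.LanguageID(msoLanguageIDInstall)
    If lang = &H40C Then Exit Sub
End Sub
"""

if __name__ == "__main__":
    for hit in find_locale_gates(SAMPLE_MACRO):
        print("locale gate at line %d: LCID %d (%s)" % hit)
```

A hit is a triage signal rather than a verdict: legitimate localized templates also read the language ID, so the finding matters most alongside an auto-run macro in an unsolicited invoice.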

The Varenyky Trojan can also detect specific “trigger” keywords of a sexual nature as well as websites (such as YouPorn, PornHub, and Brazzers). When any of these keywords is caught, the malware will record the computer’s screen via an FFmpeg executable. The recorded content is then sent to the command and control server. Naturally, the reason for recording the victim’s screen under these specific circumstances is sextortion and blackmail. It is also highly possible that Varenyky will be used in highly targeted campaigns.
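On the detection side, screen recording through an FFmpeg executable leaves a process-creation trace that can be hunted for. The sketch below is an added example, not part of the original article: it assumes process-creation events with Sysmon-style field names and keys on FFmpeg's standard Windows desktop-capture input (gdigrab); the article does not state which options Varenyky passes, and all events and paths are constructed.

```python
import re

# Matches FFmpeg's Windows screen-capture input device (-f gdigrab).
# Keyed on the command line so a renamed binary is still caught.
SCREEN_GRAB = re.compile(r"-f\s+gdigrab\b", re.I)
# Directories a standard user can write to; a recorder running from here is unusual.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData)\\", re.I)


def classify(event):
    """Return 'high', 'review' or None for one process-creation event."""
    if not SCREEN_GRAB.search(event.get("CommandLine", "")):
        return None  # not a screen capture (e.g. plain transcoding)
    paths = (event.get("Image", ""), event.get("ParentImage", ""))
    if any(USER_WRITABLE.search(p) for p in paths):
        return "high"    # capture started from a user-writable location
    return "review"      # capture by an installed tool: confirm it is expected


# Constructed events; field names follow Sysmon Event ID 1 (process creation).
EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Roaming\svc\ffmpeg.exe",
     "CommandLine": r"ffmpeg.exe -f gdigrab -framerate 5 -i desktop out.mp4",
     "ParentImage": r"C:\Users\alice\AppData\Roaming\svc\helper.exe"},
    {"Image": r"C:\Program Files\VideoTool\ffmpeg.exe",
     "CommandLine": r"ffmpeg.exe -i in.mov -c:v libx264 out.mp4",
     "ParentImage": r"C:\Program Files\VideoTool\videotool.exe"},
    {"Image": r"C:\Program Files\VideoTool\ffmpeg.exe",
     "CommandLine": r"ffmpeg.exe -f gdigrab -i desktop demo.mkv",
     "ParentImage": r"C:\Program Files\VideoTool\videotool.exe"},
]

if __name__ == "__main__":
    for event in EVENTS:
        print(classify(event), event["Image"])
```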

Remove Varenyky Trojan

If your computer system got infected with the Varenyky Trojan, you should have some experience in removing malware. You should get rid of this Trojan as quickly as possible before it gets the chance to spread further and infect other computers. Consider removing the Trojan immediately, and follow the step-by-step instructions available below.

To remove Varenyky, follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Varenyky files and objects
2. Find files created by Varenyky on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with the SpyHunter Anti-Malware tool

Milena Dimitrova