Fake “Official CIA Election AntiCheat Control” Malware Requests $50 - How to, Technology and PC Security Forum | SensorsTechForum.com

Fake “Official CIA Election AntiCheat Control” Malware Requests $50

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

New malware has appeared that takes advantage of the 2016 presidential elections in the US. The virus displays a fraudulent lock screen message claiming it is originating from the CIA. The message displays that the malware is a legitimate program that aims to make sure nobody cheats duing the 2016 election and it’s purpose is human verification by paying a hefty sum of 50$ via PaySafeCard. Anyone who came across the message from the picture above should immediately remove this malware from their computer by reading the information in this article.

Images Source: Michael Gillespie on Twitter

Threat Summary


Official CIA Election AntiCheat Control

TypeLockscreen Ransomware
Short DescriptionThe malware displays a fake message that prompts victims to verify that they are human by paying $50 to a PaySafeCard account.
SymptomsThe user may witness the images of Donald Trump and Hillary Clinton along with a long note which aims to rope them into falling for this scam.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by Official CIA Election AntiCheat Control


Malware Removal Tool

User ExperienceJoin our forum to Discuss Official CIA Election AntiCheat Control malware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

How Is CIA Election AntiCheat Malware Spread?

There may either be malicious files or malicious web links linking to files associated with CIA Election AntiCheat malware. Such objects may be distributed via several different ways, the primary of which is believed to be massive e-mail spam campaigns undertaken by cyber-criminals. Such spam campaigns are often related to either spam bots or external spammers whose services may have been requested by CIA Election AntiCheat Malware. Not only this, but CIA Election AntiCheat is also believed to use other methods to spread like social media websites or file sharing services.

CIA Election Control Malware – More Information

This virus is both old and new because it uses a tactic that is well-known for most police ransomware viruses that are combined with a lock-screen message and this is nothing revolutionary.

Even the police message aims to induce fear in the average user (voter) just like FBI ransomware variants do:

“CIA Election Control
This program is sent out to people across America to make sure that nobody is cheating in the 2016 Election. CIA And FBI have received numerous reports proving that citizens of United States of America are not going to be using fair techniques to gain votes for both presidents.
To verify yourself as a human and to help United States of America to get a new president by fair voting you need to pay a CIA Election Fee (50$)
Steps to provide that you are a human and is using fair voting methods:
1) Go to any PaySafeCard Retailer and purchase a code for 50$
2) Enter the code that you purchased in the textbox below.
3) Wait (up to 10 hours) to get your payment validated, and your vote will count as a vote.”

What is new in this malware, however, is that it uses PaySafeCard methods for it’s payment which is not typical for most lock screen viruses as they use BitCoin.

The virus is even pre-programmed to scan for a valid PaySafeCard code:


After this is performed, the virus displays a message that states wether the PaySafeCard payment is complete or there is an error and if there is an error, it even displays what that error is:


These type of cheap lock-screen scams are nothing new and malware researchers strongly advise users who have been affected not to pay any type of ransom fee because there is no such thing as a CIA AntiCheat Control for the American people. Instead, we urge you to remove this virus from your computer completely.

Removing CIA Election Control Malware Safely

You can go hunting for the malicious files that the malware has created by following the manual instructions in our article and looking for files with commonly generated malicious names and in the often targeted Windows folders:


Another safer and more effective strategy is to boot your computer in Safe Mode to isolate CIA Election Control malware and scan it via an advanced anti-malware program that should make sure the virus’s files as well as the registry subkeys and value strings I has modified or created are automatically and fully removed, instructions for which you may find below.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share