Cybersecurity researchers have reported a new SolidBit ransomware variant that targets users of popular games and social media platforms.
“The malware was uploaded to GitHub, where it is disguised as different applications and an Instagram follower bot to lure in victims,” cybersecurity solutions firm Trend Micro reported.
Nathaniel Morales, Monte de Jesus, Ivan Nicole Chavez, Lala Manly, and Nathaniel Gregory Ragasa published technical details of their analysis of the new ransomware variant. “When an unsuspecting victim runs the application, it automatically executes malicious PowerShell codes that drop the ransomware into the system,” the analysis reads.
SolidBit ransomware is malware that runs malicious code on a Windows system to encrypt and lock the personal files stored on it.
“It’s possible that SolidBit’s ransomware actors are currently working with the original developer of Yashma ransomware and likely modified some features from the Chaos builder, rebranding it as SolidBit,” experts observed.
According to the Trend Micro experts, the League of Legends account checker uploaded to GitHub contains a file with instructions and tools, but it has no graphical user interface (GUI) or any other behavior matching its supposed function; it is only a lure for users.
Among the files bundled with the account checker, the experts found an executable, Rust LoL Accounts Checker.exe, protected by Safengine Shielden. Once the file is executed, an error window appears claiming that debugging tools have been detected, which may be due to the malware's anti-debugging and anti-virtualization capabilities.
“If users click on this executable file, it will drop and execute a program with malicious codes that drop and execute the SolidBit ransomware. It will begin disabling Windows Defender’s scheduled scans and any real-time scanning of some folders,” Trend Micro said.
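The report says the dropper disables Defender's scheduled scans and real-time scanning of certain folders. The following script is an added defender-side check, not code from the Trend Micro report: it audits the Defender settings such tampering would change and pulls recent Defender configuration-change events. It assumes it is run as Administrator on the host being checked; the event IDs 5001 and 5007 are Defender's standard operational-log IDs for real-time protection being disabled and for a configuration change.

```powershell
# Added example: audit Windows Defender for the kinds of tampering described above.
# Assumes an elevated PowerShell session on the host (not part of the original report).
function Get-DefenderTamperingFindings {
    $findings = @()
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Real-time protection switched off entirely
    if ($pref.DisableRealtimeMonitoring -or -not $status.RealTimeProtectionEnabled) {
        $findings += "Real-time protection is disabled"
    }

    # Path/process exclusions are how real-time scanning of "some folders" gets turned off
    foreach ($p in @($pref.ExclusionPath))    { if ($p) { $findings += "Path exclusion present: $p" } }
    foreach ($p in @($pref.ExclusionProcess)) { if ($p) { $findings += "Process exclusion present: $p" } }

    # ScanScheduleDay: 0 = Everyday, 1-7 = a weekday, 8 = Never
    if ($pref.ScanScheduleDay -eq 8) {
        $findings += "Scheduled scan is set to Never"
    }

    # Defender operational log: 5001 = real-time protection disabled, 5007 = configuration changed
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5007
        StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        $firstLine = ($e.Message -split "`n")[0]
        $findings += ("Event {0} at {1}: {2}" -f $e.Id, $e.TimeCreated, $firstLine)
    }
    return $findings
}

$result = @(Get-DefenderTamperingFindings)
if ($result.Count -eq 0) { "No Defender tampering indicators found" } else { $result }
```

A non-empty result is a starting point for investigation, since legitimate administrators also add exclusions; correlate the event timestamps with when the suspicious executable was run.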
In conclusion, the experts recommend that users enable multifactor authentication (MFA) to prevent threat actors from performing lateral movement inside a network.