Saturday, February 20, 10:51

The IObit Forum has been compromised to spread ransomware to its members

Windows utility developer IObit was hacked over the weekend in an extensive attack aimed at distributing the DeroHE ransomware to its forum members.


IObit is a software developer known for Windows system optimization and anti-malware programs such as Advanced SystemCare.

Over the weekend, IObit forum members began receiving emails claiming to be from IObit, stating that they were entitled to a free 1-year license for its software as a special perk of being a forum member.

The email includes a "GET IT NOW" link that redirects users to hxxps://forums.iοbit.com/promo.html. This page no longer exists, but at the time of the attack it was distributing a file located at hxxps://forums.iobit.com/free-iοbit-license-promo.zip.

This zip file [VirusTotal] contains digitally signed files from the legitimate IObit License Manager program, but IObitUnlocker.dll has been replaced with an unsigned malicious version.

When IObit License Manager.exe runs, it loads the malicious IObitUnlocker.dll, which installs the DeroHE ransomware to C:\Program Files (x86)\IΟbit\iοbit.dll [VirusTotal] and executes it.

Because most of the executables are signed with the IObit certificate and the zip file was hosted on IObit's own website, users installed the ransomware believing it to be a legitimate promotion from the company.
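The following is an added example, not code from the article or from IObit: it audits a downloaded zip in memory, without extracting or running anything, and lists PE files that carry no embedded Authenticode certificate table while other files in the same bundle do. It only checks that a signature is present, not that it is valid; the helper names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

SECURITY_DIR = 4  # data-directory index of the Authenticode certificate table

def has_embedded_signature(data):
    """True/False if a PE image has/lacks a certificate table; None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    opt = pe_off + 24  # optional header follows the signature and COFF header
    try:
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except (struct.error, KeyError):
        return None  # truncated or unknown optional header
    return count > SECURITY_DIR and size > 0 and 0 < offset <= len(data) - size

def audit_bundle(zip_bytes):
    """Map each PE member of a zip to signed?; read in memory, never extracted."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        found = {i.filename: has_embedded_signature(zf.read(i)) for i in zf.infolist()}
    return {name: signed for name, signed in found.items() if signed is not None}

def unsigned_in_signed_bundle(report):
    """Unsigned PE files shipped beside signed ones, the pattern in this incident."""
    return sorted(n for n, ok in report.items() if not ok) if any(report.values()) else []

def _fake_pe(signed):
    """Constructed minimal PE32 header for the demo, not a real IObit file."""
    pe = bytearray(0x200)
    pe[:2], pe[0x3C], pe[0x80:0x84] = b"MZ", 0x80, b"PE\0\0"
    struct.pack_into("<H", pe, 0x98, 0x10B)    # optional header magic (PE32)
    struct.pack_into("<I", pe, 0x98 + 92, 16)  # NumberOfRvaAndSizes
    if signed:  # certificate table entry points at 16 placeholder bytes appended below
        struct.pack_into("<II", pe, 0x98 + 96 + 8 * SECURITY_DIR, len(pe), 16)
    return bytes(pe) + (b"\0" * 16 if signed else b"")

def sample_zip():
    """Constructed archive that reuses the two file names from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IObit License Manager.exe", _fake_pe(True))
        zf.writestr("IObitUnlocker.dll", _fake_pe(False))
    return buf.getvalue()
```

Calling `unsigned_in_signed_bundle(audit_bundle(sample_zip()))` returns the one unsigned DLL. Files flagged this way still need full signature validation on Windows, for example with `Get-AuthenticodeSignature`.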

Based on reports in the IObit forum and other forums [1, 2], this is a widespread attack targeting all members of the forum.

Source of information: bleepingcomputer.com

Teo Ehc