The Windows IObit utility developer hacked over the weekend to launch an extensive attack aimed at distributing DeroHE ransomware to its forum members.
IObit is a software developer known for optimizing the Windows system and anti-malware programs such as Advanced SystemCare.
Over the weekend, IObit forum members began receiving emails claiming to be from IObit, stating that they are entitled to a free 1 year license for their software as a special advantage of participating in the forum.
The email includes a "GET IT NOW" link that redirects users to hxxps: //forums.iοbit.com/promo.html. This page no longer exists, but at the time of the attack, we were distributing a file to hxxps: //forums.iobit.com/free-iοbit-license-promo.zip.
When IObit License Manager.exe runs, the malicious IObitUnlocker.dll runs to install the DeroHE ransomware on C: \ Program Files (x86) \ IΟbit \ iοbit.dll [VirusTotal] and execute it.
Source of information: bleepingcomputer.com