Hacked the forum of the software company IOBit

The IOBit forum was breached over the weekend. The purpose of the hack was to distribute DeroHE ransomware to forum visitors.

Δεν είμαι σίγουρος αν υπάρχουν άτομα που επηρεάζονται από τους αναγνώστες του iGuRu., καθώς η IOBit δεν ει (τουλάχιστον για μένα) και τόσο αξιόλογη εταιρεία.

This is because IOBit offers tools for cleaning and optimizing systems with Windows, registry cleaners, or malware cleaners. That is, Windows tools, which are usually unnecessary, and in some cases even harmful.

But there are also users who love IOBit tools.

So over the weekend, IOBit forum users received a supposedly special email. Forum members received emails claiming to be from IObit. The emails offered free 1 year licenses for their software as a special privilege for their participation in the forum. Of course the emails were bait.
Anyone who clicked the Download Now button from the supposed IOBit message was automatically redirected to:

hxxps: //forums.iobit.com/promo.html

From the above address the victims could download free-iobit-license-promo.zip.

The zip contained digitally signed files of the legal IObit License Manager program. However, the intruders had replaced the IObitUnlocker.dll file with a signed malicious application. Virustotal recognized her as a trojan. This file then downloaded the DeroHE ransomware to the victim's computer.

Λίγες ώρες αργότερα, το σύστημα των θυμάτων είχε κρυπτογραφηθεί με το ransomware DeroHE και εμφάνιζε μια ωραία ειδοποίηση που απαιτούσε 200 Crypto-Coins (περίπου 100$ ΗΠΑ) για την αποκρυπτογράφηση. Το Bleeping ανέλυσε λίγο περισσότερο το κακόβουλο λογισμικό και περιγράφει καλύτερα its mode of operation.

iGuRu.gr The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).