The forum of software company IOBit was hacked

The IOBit forum was breached over the weekend. The purpose of the hack was to distribute DeroHE ransomware to forum visitors.


I'm not sure whether any iGuRu.gr readers are affected, since IOBit is not (at least for me) such a remarkable company.

That's because IOBit offers tools for cleaning and optimizing Windows systems, cleaners, or malware cleaners. Windows tools, that is, which are usually unnecessary and in some cases even harmful.

But there are also users who love IOBit tools.

So, over the weekend, users of the IOBit forum received a supposedly special email. Forum members received emails claiming to come from IObit. The emails offered free 1-year licenses for the company's software as a special perk for their participation in the forum. Of course, it was bait.

Anyone who clicked the Download Now button in the supposed IOBit message was automatically redirected to:

hxxps://forums.iobit.com/promo.html

From the above address the victims could download free-iobit-license-promo.zip.

The zip contained digitally signed files of the legitimate IObit License Manager program. However, the intruders had replaced the IObitUnlocker.dll file with a signed malicious application, which VirusTotal flagged as a trojan. This file then downloaded the DeroHE ransomware to the victim's computer.

A few hours later, the victims' systems were encrypted with the DeroHE ransomware, which displayed a nice notification demanding 200 -Coins (approximately US$100) for decryption. Bleeping Computer analyzed the malware in a little more detail and describes its mode of operation.
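For defenders who want to check whether anyone on their network followed the lure, here is an added example (not part of the original article) that sweeps web proxy logs for the two indicators named above: the promo page URL and the zip file name. The log layout, client addresses, timestamps and `example.test` hosts are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators as printed in the article (the URL appears defanged there).
IOC_URL = "hxxps: //forums.iobit.com/promo.html"
IOC_FILE = "free-iobit-license-promo.zip"

def refang(text):
    """Undo common defanging: hxxp -> http, [.] -> ., space after the scheme."""
    text = re.sub(r"hxxp", "http", text.strip(), flags=re.I).replace("[.]", ".")
    return re.sub(r"^(https?):\s*//", r"\1://", text, flags=re.I)

def normalise(url):
    """Reduce a URL to (host, path), lower-cased; scheme, port, query ignored."""
    try:
        parts = urlsplit(refang(url))
    except ValueError:  # unparsable URL field
        return "", ""
    return (parts.hostname or "").lower(), parts.path.lower()

IOC_KEY = normalise(IOC_URL)

def sweep(log_lines):
    """Map each client to the indicators it touched.
    Assumed line layout: '<timestamp> <client> <method> <url> <status>'."""
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip
        client, url = fields[1], fields[3]
        host, path = normalise(url)
        if (host, path) == IOC_KEY:  # exact host match, not a substring test
            hits.setdefault(client, set()).add("promo-page")
        if path.rsplit("/", 1)[-1] == IOC_FILE:  # zip name on any host
            hits.setdefault(client, set()).add("zip-download")
    return hits

# Constructed sample log lines (clients, timestamps, example.test hosts are made up).
SAMPLE_LOG = [
    "2000-01-01T09:12:03Z 10.0.4.21 GET https://forums.iobit.com/promo.html 200",
    "2000-01-01T09:12:09Z 10.0.4.21 GET https://dl.example.test/f/free-iobit-license-promo.zip 200",
    "2000-01-01T09:30:41Z 10.0.7.5 GET HTTPS://FORUMS.IOBIT.COM:443/promo.html?src=mail 200",
    "2000-01-01T09:31:00Z 10.0.9.9 GET https://forums.iobit.com/index.php 200",
    "2000-01-01T09:33:17Z 10.0.9.9 GET https://forums.iobit.com.example.test/promo.html 200",
]

if __name__ == "__main__":
    for client, reasons in sorted(sweep(SAMPLE_LOG).items()):
        print(client, sorted(reasons))
```

Clients that show a `zip-download` hit are the ones to prioritise for endpoint triage, since the article places the ransomware stage after the archive is opened.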


Written by giorgos
