Bromium Research: New CryptoLocker Variant - First crypto-ransomware to target video games
March 2015 by Bromium Research
Gamers may be used to paying to unlock downloadable content in their favourite games, but Bromium security researcher Vadim Kotov has discovered a new crypto-ransomware variant which aims to make gamers pay to unlock what they already own!
Data files for more than 20 games can be affected by the threat, expanding what is already a large target for cybercriminals. This CryptoLocker variant has been distributed from a compromised website that was redirecting visitors to the Angler exploit kit by using a Flash clip. Bromium notified the owner of the website, but they haven’t responded. At the time of compiling this research, the website was still serving malware. The website is based on WordPress and could have been compromised by any one of the numerous WP exploits. Additionally, the URL where the malicious Flash file is hosted keeps changing.
Attackers used an unconventional way of redirecting users. Instead of a typical iframe (or an iframe dynamically generated by JavaScript), they used a Flash clip wrapped in an invisible