GoldenEye, the ransomware that spreads in job applications


A team of researchers at security firm Check Point has discovered a ransomware campaign that is being disseminated through job applications.

Specifically, it is a virus known as GoldenEye, a variant of the Petya ransomware that was discovered in March of last year. That malware encrypted the hard drive and was noted for being very dangerous and difficult to combat.

The main difference between GoldenEye and Petya lies in how the attack spreads. According to the researchers, the new virus spreads via e-mail, camouflaged as an alleged job application. The text of the email pretends to have been written by a person presenting themselves as a candidate for a job offer, and it contains two attachments.

The first one is a PDF document that contains a cover letter. This file has no malicious content, and its only function is to provide credibility and give confidence to the victim. The second file is an XLS document that has malicious macros and asks the user to grant permission so that they can be executed.

If the victim accepts the execution of the macros, GoldenEye will infect the computer and begin encrypting all files on it, adding a random eight-character extension to each one. From this moment, the user will lose access to every file, and when the process is finished, the ransom note will be displayed in TXT format.

After this, the malware will force the computer to restart and start encrypting the disk, much like Petya did. Once the encryption is complete, a ransom note will be displayed at boot level with a personal decryption code that the victim can use to access a Dark Web portal, send messages to the cybercriminals and proceed with the payment of the ransom, which is fixed at 1.3 bitcoins, about 1,100 euros at the exchange rate.

GoldenEye was initially detected in Germany, but it is not ruled out that it could spread to other countries. To avoid infection, be suspicious of emails you receive with these characteristics and do not authorize the use of macros in Excel or in Word.
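For mail triage, the delivery pattern described above (a harmless PDF paired with a macro-carrying legacy Office file) can be checked mechanically. The following is an added example, not code from the article or from Check Point: the function names, addresses and sample message are constructed, and the macro check is a byte-level heuristic (OLE2 header plus the UTF-16LE name of the VBA project storage), not a full parser.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")     # OLE2 header of legacy .xls/.doc
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")   # directory name present when macros exist


def has_vba_marker(data: bytes) -> bool:
    """Heuristic: legacy Office file that carries a VBA project."""
    return data.startswith(OLE_MAGIC) and VBA_MARKER in data


def triage(raw: bytes) -> dict:
    """Classify attachments by content, not by file name, and flag the lure pattern."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {"pdf": [], "macro_office": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if data.startswith(b"%PDF-"):
            findings["pdf"].append(name)
        elif has_vba_marker(data):
            findings["macro_office"].append(name)
    # Decoy PDF together with a macro-enabled document: hold for review.
    findings["matches_lure"] = bool(findings["pdf"] and findings["macro_office"])
    return findings


def build_sample(with_macro: bool) -> bytes:
    """Constructed test message; the attachments are inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.com"
    msg["To"] = "hr@example.com"
    msg["Subject"] = "Job application"
    msg.set_content("Please find my application attached.")
    msg.add_attachment(b"%PDF-1.4\n% constructed decoy\n", maintype="application",
                       subtype="pdf", filename="cover_letter.pdf")
    xls = OLE_MAGIC + b"\x00" * 64 + (VBA_MARKER if with_macro else b"")
    msg.add_attachment(xls, maintype="application", subtype="vnd.ms-excel",
                       filename="application.xls")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample(with_macro=True)))
    print(triage(build_sample(with_macro=False)))
```

A message that matches is a candidate for quarantine and closer inspection with a real macro analyzer such as olevba from oletools.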
