A new piece of wiper malware is being distributed through warez sites, locking users out of their Windows computers after they unknowingly run the program.
As reported by BleepingComputer’s Lawrence Abrams, the malware is apparently distributed through “download” sites that promise free or cracked (read: pirated) software. Users on the receiving end find their computer’s master boot record (MBR) locked, which prevents the machine from booting normally.
The attacker, who seems more interested in trolling certain figures in the infosec industry than in asking for ransom, displays a note stating that victims were infected by Vitali Kremez and/or MalwareHunterTeam, depending on which variant they downloaded.
Kremez and MalwareHunterTeam are well-known figures in the cybersecurity scene “and have nothing to do with this malware,” Abrams writes. Both have taken to Twitter to confirm that they have nothing to do with this attack.
The malware is based on the infamous MBRLocker, a piece of wiper-ransomware that modifies the master boot record of the victim’s computer so that it shows a ransom note before Windows starts and prevents the computer from accessing the data on its hard drive, and hence from booting.
It is unclear why this malware author is trying to tarnish the names of the security researchers. From the ransom notes shared by Abrams, it seems the attacker is simply a troll.
Never download software from unofficial sources. Use a trusted security solution at all times to avoid downloading and installing malware on your computer.
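A defensive check for the MBR modification described above, as an added example that is not part of the original article: it parses a 512-byte boot sector and compares its boot code and partition table against a known-good summary recorded earlier. The function names and sample sectors are constructed for illustration, and reading the real first sector from a disk or image is left to the caller.

```python
import hashlib
import struct

CODE_LEN = 440          # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFF = 446         # four 16-byte entries: status, CHS, type, CHS, LBA, length
BOOT_SIG = b"\x55\xaa"  # expected at offsets 510-511

def parse_mbr(sector: bytes) -> dict:
    """Summarise one MBR sector: boot-code hash, signature, partitions."""
    if len(sector) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0 marks an unused slot
            parts.append((i, status == 0x80, ptype, lba, count))
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": parts,
    }

def diff_from_baseline(sector: bytes, baseline: dict) -> list:
    """Compare a sector with a stored known-good summary; return findings."""
    cur = parse_mbr(sector)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature missing")
    if cur["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot code changed")
    if cur["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def make_sector(code: bytes, entry: bytes) -> bytes:
    # Constructed sample: code padded to 446 bytes, one entry, three empty slots.
    return code.ljust(TABLE_OFF, b"\x00") + entry + bytes(48) + BOOT_SIG

# Constructed samples, not taken from any real disk or malware.
ENTRY = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
GOOD = make_sector(b"GOOD-BOOT-CODE", ENTRY)
TAMPERED = make_sector(b"constructed note text", ENTRY)
WIPED = make_sector(b"", bytes(16))
BASELINE = parse_mbr(GOOD)

if __name__ == "__main__":
    for name, s in (("good", GOOD), ("tampered", TAMPERED), ("wiped", WIPED)):
        print(name, diff_from_baseline(s, BASELINE) or "matches baseline")
```

The baseline has to be captured while the machine is known to be clean and stored off the disk it describes.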