The malware records the victim’s screen when they are visiting adult-related sites.
“In May 2019, ESET researchers observed a spike in ESET telemetry data regarding malware targeting France,” reads the analysis published by ESET. “After further investigations, we identified malware that distributes various types of spam. One of them is leading to a survey that redirects to a dodgy smartphone promotion while the other is
When a user opens the document and enables the embedded macro the malicious code first checks if the
The download code halts the execution if the victim PC has the English or Russian language.
Once executed, the Trojan will connect to the Command & Control server over Tor to receive instructions. The spam campaign is targeting customers of the French ISP Orange and include links that points to scam sites.
The malware is able to perform several malicious activities such as download and execute files and PowerShell commands.
The malware has the ability to update itself by downloading an executable from a specific URL. It is also able to uninstall
“the malware would record the computer’s screen using an FFmpeg executable that it previously would have downloaded through the Tor network. The video was uploaded to the C&C server after it was recorded. ” continues the analysis.
“These videos could have been used for convincing sexual blackmail; a practice called
Although the Varenyky Trojan could record victim’s videos, at the time ESET is not aware of their use in any kind of
(SecurityAffairs – Varenyky Trojan, sextortion)