Trump and Clinton-themed ransomware lands

Malware developers have begun to mix politics with their malicious payloads according to the Cisco Talos Group which recently discovered a payload named Trump.exe.

The firm first found the politically-themed payload while investigating a recent malspam campaign and they then decided to look into other malicious programs that contained political references or themes and found hundreds of other examples.

In a blog post titled ‘How adversaries use politics for compromise‘, the Talos Group explained their methodology, saying:

“Pivoting off of this campaign, we began to look for other IOCs that utilized political references. We developed a list of various names, terminology and iconography that has generated headlines across the political spectrum over the past few years. We then began a search throughout various malware repositories and discovered that not only were political names and iconography surprisingly common, but the results produced a wide variety of threats and was almost a microcosm of what we see on the threat landscape daily.”

Political malware

During their search, the Talos Group discovered a ransomware called the “Donald Trump Screen of Death”. This screen locker attempts to lock users out of Windows while showing them various pictures of President Trump. The Talos Group also found a program called the Trump Crypter which is used to obfuscate malware code so that it cannot be detected by security software.

Back in 2016, a screen locker called “CIA Election AntiCheat Control” was discovered that showed a picture of Hillary Clinton and Donald Trump that told victims to send $50 or their vote in the upcoming election wouldn’t count. Additionally, the Cisco Talos Group found a harmless program called Dancing Hillary that allowed users to make Hillary Clinton dance.

Former President Barack Obama’s likeness was also used by malware developers to create an injector with an Obama theme. This injector can be used to inject malicious code into legitimate processes in an attempt to evade security software.

However, malware developers also used the likeness of politicians outside the US to deliver their malicious payloads. For instance, Russian President Vladimir Putin was used as the theme for a number of infections including a screen locker called PuTiN Lockware that the Talos Group discovered. German Chancellor Angela Merkel was also used as the theme for a ransomware that made the rounds during 2016.

As the upcoming 2020 US election approaches, expect malware developers to create even more politically-themed ransomware in an effort to trick unsuspecting users.

Via Bleeping Computer

social experiment by Livio Acerbo #greengroundit #techradar