Donald Trump ransomware spreads dangerous malware

Researchers found that cybercriminals were beginning to deploy new forms of malware with a particularly political hook.

Experts from the Cisco Talos group revealed that they had discovered a payload called Trump.exe while investigating a recent malspam campaign.

After reviewing other malicious programs that contain political references or themes, the company found hundreds of other examples, showing a great potential risk to users.

Political malware

In a blog post titled "How Opponents Use Politics to Compromise," the Talos Group explained their methodology:

"During this campaign, we began looking for other IOCs using political references. We have developed a list of various names, terminologies, and iconographies that have made headlines across the political spectrum in recent years. We then began researching various malware repositories and discovered that not only were the political names and iconography surprisingly common, but the results generated a wide variety of threats and were almost a microcosm of what we see in threats across the landscape on a daily basis."

During their investigation, the Talos group discovered a ransomware called "Donald Trump's death screen." This screen locker tries to lock Windows users out while showing them various images of President Trump. The Talos group also found a program called Trump Crypter, used to hide malicious code so that it cannot be detected by security software.

In 2016, a locker called "CIA Election Hate Control" was discovered. It showed a photo of Hillary Clinton and Donald Trump and told victims to send €50 or their vote in the next election would not matter. Additionally, the Cisco Talos group discovered a harmless program called Dancing Hillary that allowed users to make Hillary Clinton dance.

Malware developers have also used the likeness of former President Barack Obama to create an Obama-themed injector. This injector can be used to inject malicious code into legitimate processes to bypass security software.

However, malware developers have also used the image of politicians from outside the United States to spread their malicious payloads. For example, Russian President Vladimir Putin has been used as the subject for a number of infections, including a lock screen called PuTiN Lockware discovered by the Talos group. German Chancellor Angela Merkel was also used as a subject for ransomware that made the rounds in 2016.

In the run-up to the upcoming 2020 US elections, expect malware developers to create more politically-themed ransomware with the aim of fooling unsuspecting users.

Via BleepingComputer