Shady Malware Distributor Is Hunting Minecraft Players With Chaos Ransomware

Cheaters never thrive, especially when they are targeted by ransomware-laden files strewn across the internet. Whether or not this is a fitting reward, Japanese Minecraft players looking for alternative accounts to cheat or bypass bans are being infected with a variant of the Chaos ransomware in appalling ways.

Minecraft, owned by Microsoft, has become one of the most popular games of the past 12 years. However, this level of popularity brings a lot of issues, including cheating across the 22 platforms on which Minecraft is offered. Fortunately, many of these cheaters end up being caught, but there are also ways around a ban to continue wreaking havoc on servers around the world. This includes users who go out and acquire alternate or “alt” accounts, sometimes for nefarious activities.

When it comes to using alternate accounts for nefarious activities, people are generally unwilling to pay when they know the account will eventually get banned as well. As such, these people go online and search for lists of stolen accounts that can be used and thrown away if banned. Understanding this premise, threat actors disguised the Chaos ransomware as a text file listing “Minecraft Alt” accounts, Fortinet discovered. The file is downloaded and opened under the pretext that it is a handy list of stolen accounts, which is where the problem lies.

Once opened, the executable encrypts files smaller than 2MB and effectively destroys anything larger with the specified extensions by filling the data with random bytes. In addition, the ransomware removes the machine's shadow copies, preventing any recovery of the files that have been encrypted. After this series of events unfolds, a readme.txt file is dropped onto the victim’s device, asking the user to pay 2,000 yen, or around $17. Although the program code does not indicate the origin, the yen demand and the ransom note, which is only available in Japanese, point to a Japanese actor targeting Japanese Minecraft players on Windows devices.

The Fortinet team specifies that “despite its cheap ransom demand, its ability to destroy data and make it unrecoverable makes it more than just a prank to annoy Japanese Minecraft players.” Of course, the solution to this problem is not to look for Minecraft cheats and alternative accounts in the first place, but getting hit that hard by ransomware is pretty bad. Let us know what you think in the comments below.

A new malware variant with a low detection rate, capable of delivering multiple Trojans to infected systems, has been disclosed by researchers.

The Fortinet cybersecurity team says that a recent sample of the dropper reveals that the new malware is designed to drop both RevengeRAT and WSHRAT on vulnerable Windows systems.

The dropper sample begins the infection process with JavaScript code and URL-encoded information contained in a text editor. Once decoded, the team found VBScript obscured by character replacements.

This VBScript code is then able to call a Shell.Application object that generates a new script file, A6p.vbs, which retrieves a payload – an additional VBScript – from an external source.

The new code strings, which are obfuscated in a likely attempt to avoid detection, retrieve a script file called Microsoft.vbs from a remote server and save it in the Windows temporary folder.

“After the aforementioned code is executed, it creates a new WScript.Shell object and collects the operating system environment and the hard-coded data, which will eventually run the newly created script (GXxdZDvzyH.vbs) by calling the VBScript interpreter with the B parameter,” the researchers say. This activates “batch mode” and disables any potential warnings or alerts that may occur during execution.
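A detection sketch for the final step described above, added here as an example and not taken from Fortinet's report: it flags a Windows script host started with the batch-mode switch (written `//B` on the command line) to run a `.vbs` file from a temp folder. The event field names, the sample events and the severity rule are assumptions constructed for illustration.

```python
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# //B as a standalone argument: batch mode, no prompts or error dialogs.
BATCH_FLAG = re.compile(r"(?<!\S)//b(?!\S)", re.IGNORECASE)
# A .vbs file sitting directly in a user or system temp directory.
TEMP_VBS = re.compile(
    r'\\(?:appdata\\local\\temp|windows\\temp)\\[^"\\]+\.vbs\b', re.IGNORECASE)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return None, "medium" or "high" for one process-creation event."""
    if basename(event["image"]) not in SCRIPT_HOSTS:
        return None
    cmd = event["command_line"]
    # Either signal alone is common (scheduled admin scripts, installers),
    # so both are required before alerting.
    if not (BATCH_FLAG.search(cmd) and TEMP_VBS.search(cmd)):
        return None
    # Assumption: a script host launched by another script host is treated
    # as the stronger match for a staged script chain.
    return "high" if basename(event["parent_image"]) in SCRIPT_HOSTS else "medium"

def detect(events):
    return [(e["id"], sev) for e in events if (sev := classify(e))]

# Constructed sample events; the field names are hypothetical, not a real schema.
ROWS = [
    (1, r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\wscript.exe",
     r'wscript.exe //B "C:\Users\u\AppData\Local\Temp\GXxdZDvzyH.vbs"'),
    (2, r"C:\Windows\System32\cscript.exe", r"C:\Windows\System32\taskeng.exe",
     r"cscript.exe //B //Nologo C:\Scripts\backup.vbs"),
    (3, r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\msiexec.exe",
     r'wscript.exe "C:\Users\u\AppData\Local\Temp\installer.vbs"'),
    (4, r"C:\Windows\System32\cscript.exe", r"C:\Windows\explorer.exe",
     r"cscript.exe //b C:\Windows\Temp\update.vbs"),
    (5, r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe",
     r'notepad.exe "C:\Users\u\AppData\Local\Temp\notes.vbs"'),
]
SAMPLE_EVENTS = [dict(zip(("id", "image", "parent_image", "command_line"), r))
                 for r in ROWS]

if __name__ == "__main__":
    for event_id, severity in detect(SAMPLE_EVENTS):
        print(event_id, severity)
```

Events 2 and 3 show why neither signal is used alone: a scheduled script in batch mode and an installer script in the temp folder are both routine.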