Shady Malware Distributor Is Hunting Minecraft Players With Chaos Ransomware

Cheaters never thrive, especially when they are targeted by ransomware-laden files strewn across the internet. Whether or not this is a fitting reward, Japanese Minecraft players looking for alternate accounts to cheat or bypass bans are being infected with a variant of the Chaos ransomware.

Minecraft, owned by Microsoft, has become one of the most popular games of the past 12 years. However, this level of popularity brings plenty of issues, such as cheating across the 22 platforms on which Minecraft is offered. Fortunately, many of these cheaters end up being caught and banned, but there are also ways around a ban to continue wreaking havoc on servers around the world. This includes users who go out and acquire alternate or “alt” accounts, sometimes for nefarious activities.

When it comes to using alternate accounts for nefarious activities, people are generally unwilling to pay when they know the account will eventually get banned as well. As such, these people go online and search for lists of stolen accounts that can be used and thrown away if banned. Understanding this premise, threat actors disguised the Chaos ransomware as a text-file list of “Minecraft Alt” accounts, Fortinet discovered. The file is downloaded and opened under the pretext that it is a handy list of stolen accounts, which is where the problem lies.

Once opened, the executable encrypts files smaller than about 2MB and effectively destroys larger files with the specified extensions by filling their data with random bytes. In addition, the ransomware deletes the machine's shadow copies, preventing any recovery of the encrypted files. After this series of events unfolds, a readme.txt file is dropped onto the victim’s device, asking the user to pay 2,000 yen, or around $17. Although the program code does not indicate its origin, the yen demand and the Japanese-only ransom note point to a Japanese threat actor targeting Japanese Minecraft players on Windows devices.

The Fortinet team notes that “despite its cheap ransom demand, its ability to destroy data and make it unrecoverable makes it more than just a prank to annoy Japanese Minecraft players.” Of course, the solution to this problem is to not look for Minecraft cheats and alternative accounts in the first place, but getting hit that hard by ransomware is pretty bad.

A new variant of malware with a low detection rate capable of transmitting multiple Trojans to infected systems has been disclosed by researchers.

This week, the Fortinet cybersecurity team said that a recent sample of the dropper reveals that the new malware is designed to drop both RevengeRAT and WSHRAT on vulnerable Windows systems.

The dropper sample begins the infection process with JavaScript code and URL-encoded information, as seen in a text editor. Once it was decoded, the team found VBScript obfuscated with character replacements.

This VBScript code is then able to call a Shell.Application object, which generates a new script file, A6p.vbs, which in turn retrieves a payload (an additional VBScript) from an external source.

The new code strings, which are also obfuscated in a likely attempt to avoid detection, fetch a script file called Microsoft.VBS from a remote server and save it in the Windows temporary folder.

“After the aforementioned code is executed, it creates a new WScript.Shell object and collects the operating system environment and hard-coded data, which will eventually run the newly created script (GXxdZDvzyH.vbs) by calling the VBScript interpreter with the B parameter,” the researchers say. “This activates ‘batch mode’ and disables any potential warnings or alerts that may occur during execution.”
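One way to hunt for the last stage described above in process-creation logs, as an added example that is not Fortinet's code or part of the original article: it flags a Windows script host started with `//B` (the batch-mode switch the researchers refer to) on a VBScript file in a temporary folder. The sample command lines and the temp-path patterns are constructed assumptions.

```python
import re
from ntpath import basename, splitext

# Script hosts that can run a .vbs file; //B is their batch-mode switch.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumed temp locations: per-user Temp, system Temp, unexpanded %TEMP%/%TMP%.
TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\|%te?mp%", re.I)
# Split a Windows command line into tokens, keeping quoted paths together.
TOKEN = re.compile(r'"[^"]*"|\S+')


def triage(command_line):
    """Return the reasons a process command line matches the described chain."""
    tokens = [t.strip('"') for t in TOKEN.findall(command_line)]
    if not tokens or basename(tokens[0]).lower() not in SCRIPT_HOSTS:
        return []
    reasons = []
    args = tokens[1:]
    # Host switches start with "//"; arguments for the script itself use "/".
    if any(a.lower() == "//b" for a in args):
        reasons.append("batch mode (//B) suppresses script errors and prompts")
    scripts = [a for a in args if splitext(a)[1].lower() in (".vbs", ".vbe")]
    if any(TEMP_DIR.search(s) for s in scripts):
        reasons.append("VBScript launched from a temporary folder")
    return reasons


def is_suspicious(command_line):
    # Require both signals: either one alone is common in legitimate tooling.
    return len(triage(command_line)) == 2


# Constructed sample command lines (not taken from the report).
SAMPLES = [
    r'"C:\Windows\System32\wscript.exe" //B "C:\Users\a\AppData\Local\Temp\GXxdZDvzyH.vbs"',
    r'cscript.exe //nologo C:\Scripts\inventory.vbs',
    r'C:\Windows\System32\cscript.exe //b %TEMP%\Microsoft.VBS',
    r'wscript.exe "C:\Users\a\AppData\Local\Temp\setup.vbs"',
    r'notepad.exe C:\Users\a\AppData\Local\Temp\notes.vbs',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("ALERT" if is_suspicious(line) else "ok   ", line)
```

Feed it the command-line field from Sysmon event ID 1 or Windows Security event 4688 (with command-line auditing enabled) and treat a hit as a lead to investigate, not a verdict.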