Sharecash Screenlocker
Posted: November 7, 2016
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 8/10 |
---|---|
Infected PCs: | 96 |
First Seen: | November 7, 2016 |
---|---|
OS(es) Affected: | Windows |
The Sharecash Screenlocker is a Trojan that locks your computer until you complete a survey. The Trojan disguises its attack as a new form of Windows validation to encourage the PC user in general, and software pirates in specific, to submit to the requests. Due to potential dangers such as data collection, malware experts recommend rebooting your computer and using anti-malware products for removing the Sharecash Screenlocker immediately, without filling out its survey.
Sharing a Little Too Much of Yourself with a Survey
The means by which threat authors try to make money can vary wildly between campaigns. Although this year's trends lean towards attacks that solicit direct ransom payments to reverse damages that the Trojan causes, not all threats are so upfront about its intentions. The Sharecash Screenlocker displays a social engineering hoax that a threat actor can use to acquire money without signaling to the victims that their PCs' security is at risk.
The Sharecash Screenlocker locks the screen by loading a fake Windows pop-up that disguises itself as an 'activation prompt.' The message in the window claims that your copy of the operating system isn't valid, and demands that you fill out a survey to receive a legitimate key. The Sharecash Screenlocker also includes an automatic system reboot function, timed to trigger after five minutes. The language used in the pop-up alert is professionally-worded and includes minor details, such as trademark symbols, to keep up the illusion of the attack being a part of the Windows OS.
The Sharecash Screenlocker uses Sharecash, a download host that locks its download resources behind survey content, to host the text file with the unlock key. Although Sharecash is an independent company without any direct ties to threat actors like the Sharecash Screenlocker's admin, the website is a common point of abuse by people interested in receiving payments whenever other users download their content mislabeled deliberately. Malware experts also see pop-up content associated with the Sharecash service hosting other threats occasionally, including installation exploits for other forms of threatening and unwanted software.
Cashing out of a the Sharecash Screenlocker Attack
There have been two separate builds of the Sharecash Screenlocker, to date, at least one of which includes bugs that may stop it from unlocking your screen. Regardless of whether or not you consider the surveys safe, there's no legal need to fill them out. Microsoft never will ask you to complete a questionnaire to validate your copy of Windows, and the Sharecash Screenlocker has no ability to determine whether or not you're using legitimate or pirated software.
For attacks where the Sharecash Screenlocker blocks your desktop access, malware experts recommend that you restart your computer and load Safe Mode by the means recommended for your versions of Windows (such as tapping F4 while the system reboots, before Windows loads). With all threats disabled, you can scan your PC and use anti-malware products as needed for uninstalling the Sharecash Screenlocker. Readers should note that different versions of the Sharecash Screenlocker can display wildly varying detection rates, and update their anti-malware software's database to optimize detection.
The Sharecash Screenlocker is less capable of causing direct damage to your hard drive than most extortionist Trojans. On the other hand, giving your information to third parties for the sake of a false activation key also has the potential to put yourself in risk, albeit in ways that aren't intuitive or immediate necessarily.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.