
'Bad Rabbit Attack' Scam

Posted: January 22, 2018

Threat Metric

Ranking: 12,494
Threat Level: 10/10
Infected PCs: 148
First Seen: October 25, 2017
Last Seen: October 3, 2023
OS(es) Affected: Windows

The 'Bad Rabbit Attack' scam is a fake security alert that claims that your PC is under attack by the Bad Rabbit Ransomware, a 2017 Trojan. The alert urges you to call a technical support number for help with disinfecting your computer, but the line is staffed by con artists and provides no technical assistance. For persistent incidents, malware experts suggest using anti-malware products to stop the 'Bad Rabbit Attack' scam from recurring by deleting its underlying causes, such as adware.

Bad Bunnies on the Attack

Threat actors appear to be referencing last year's Russia-targeting Bad Rabbit Ransomware attacks in order to misappropriate the brand for unrelated Web misdeeds. Malware analysts are starting to see an entirely different type of unsafe activity, centered on fake pop-ups, that uses the same 'Bad Rabbit' theme. This 'Bad Rabbit Attack' scam doesn't imitate the original ransom note's text; instead, it delivers security warnings along with a rabbit-themed background.

The 'Bad Rabbit Attack' scam may be delivered through several vectors, including:

  • Advertising software, or adware, may load a 'Bad Rabbit Attack' scam automatically, either intentionally or as the result of using a compromised ad-delivery network.
  • Corrupted or compromised websites also may load unwanted or toxic advertising content like the 'Bad Rabbit Attack' scam. Most secure browsers, such as Chrome, should flag the site as being unsafe, or block it from loading automatically.

If it does display itself, the 'Bad Rabbit Attack' scam imitates the appearance of a Microsoft technical support page and claims that a 'Bad Rabbit Attack' is compromising your system. The threat actors didn't put any significant effort into this hoax: it alerts the victim about the supposed theft of information, whereas the Bad Rabbit Ransomware's actual payload encrypts data and locks files. As is often the case with attacks of this category, the 'Bad Rabbit Attack' scam tries to redirect any readers towards a misleading phone line for future exploitation.

Caging a Web-Browsing Pest

It's unusual for a phone hotline-based tactic to borrow the name of a file-locking Trojan's campaign, but the 'Bad Rabbit Attack' scam is otherwise similar to other Web hoaxes of its type. The 020-3514-0515 Scam Message, the 866-978-1337 Scam Message, and the 888-391-6168 Scam Message are some samples of very similar attacks. Upon calling the phone numbers associated with these campaigns, a victim may be asked to give remote desktop access to a threat actor, pay for scamware, or provide credentials such as credit card numbers. All of these directly endanger either the user's finances or computer, for no security benefit.

Web surfers can protect their browsers from unsafe Web content by disabling scripts, advertisements, and pop-ups, which a 'Bad Rabbit Attack' scam could exploit for delivering itself. Malware experts have yet to connect the 'Bad Rabbit Attack' scam campaign to any specific instance of adware or other Potentially Unwanted Programs (PUPs). Anyone with dedicated anti-adware or anti-malware products may also use them for removing any 'Bad Rabbit Attack' scam that re-triggers itself automatically.

While malware researchers have the most evidence of the 'Bad Rabbit Attack' scam campaign targeting Chrome users, this is a variant of a hoax that runs throughout the entirety of the Web. Giving a supposed 'Microsoft' mascot the benefit of the doubt, when all evidence is against it, is a recipe for losing both your security and your money.
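
The traits this write-up attributes to the pop-up (a Microsoft look-alike page, attack and data-theft claims, and a phone number to call) can be combined into a simple content heuristic for filtering or triage. The following is an added example, not code from the original page; the signal names, weights, threshold, vendor-domain list and sample pages are constructed assumptions.

```javascript
'use strict';
// Added illustration: signal names, weights, threshold and sample pages are
// constructed assumptions, not values taken from the scam campaign itself.
const VENDOR_DOMAINS = ['microsoft.com']; // illustrative, not exhaustive

const SIGNALS = [
  // Phone number in 3-3-4 or 3-4-4 grouping, the lure these hoaxes share.
  { name: 'phone', weight: 3,
    re: /(?<!\d)\(?\d{3}\)?[\s.-]\d{3,4}[\s.-]\d{4}(?!\d)/ },
  // Urgent instruction to phone "support".
  { name: 'call_to_action', weight: 2,
    re: /\b(call|dial|contact)\b[^.!?]{0,60}\b(support|technicians?|helpline|now|immediately)\b/i },
  // Claim that the machine is under attack or infected.
  { name: 'threat_claim', weight: 2,
    re: /\b(attack|infected|virus|ransomware|trojan|compromised)\b/i },
  // Claim that personal data is being taken.
  { name: 'data_theft_claim', weight: 1,
    re: /\b(passwords?|banking|credit card|personal (data|information))\b[^.!?]{0,60}\b(stolen|theft|at risk)\b/i },
];

// True only for the vendor's own domain or a real subdomain of it.
function isVendorHost(hostname) {
  const host = hostname.toLowerCase();
  return VENDOR_DOMAINS.some((d) => host === d || host.endsWith('.' + d));
}

// Score visible page text; returns matched signals, total score and a verdict.
function scoreSupportScam(text, hostname, threshold = 6) {
  const hits = []; let score = 0;
  for (const s of SIGNALS) {
    if (s.re.test(text)) { hits.push(s.name); score += s.weight; }
  }
  // Vendor branding on a host the vendor does not own signals impersonation.
  if (/\b(microsoft|windows)\b/i.test(text) && !isVendorHost(hostname)) {
    hits.push('brand_mismatch');
    score += 2;
  }
  return { score, hits, verdict: score >= threshold ? 'likely-scam' : 'no-match' };
}

// Constructed sample inputs (fictional hosts and phone number).
const SAMPLES = {
  scam: { host: 'alerts.example.net', text: 'Microsoft Support Alert: Bad Rabbit Attack detected! Your passwords and banking details are being stolen. Call Microsoft technicians now at 888-555-0100.' },
  news: { host: 'news.example.org', text: 'Researchers analysed the Bad Rabbit ransomware attack that hit Russian media outlets in 2017.' },
  vendor: { host: 'support.microsoft.com', text: 'Contact Microsoft Support if you think your PC is infected, then run a scan.' },
};
for (const [name, s] of Object.entries(SAMPLES)) {
  console.log(name, scoreSupportScam(s.text, s.host));
}
```

No single signal reaches the threshold on its own, so a news article that merely mentions the ransomware and a genuine vendor support page both stay below it.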

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:


