
Varenyky

Posted: August 12, 2019

Varenyky is a spambot Trojan that uses infected PCs' resources for sending corrupted e-mail to its victims. Updates to this threat also include spyware features, such as recording Web-browsing activities related to pornographic websites. Users should disable their Internet connections, uninstall Varenyky with a trusted anti-malware application, and change all potentially-leaked passwords.

An Unusual Swing from Spamming to Spying

Trojans that run botnets for spamming people are an expected state of affairs for threat actors worldwide. What one spambot Trojan, Varenyky, is doing, however, is far from conventional. After involving itself in more pedestrian matters, this Trojan is switching gears to spyware attacks that strongly suggest upcoming extortion.

Varenyky's current versions keep their spamming capabilities, which they use for targeting third-party victims external to the infected computer. Tactics involving Varenyky's corrupted e-mails include both fake smartphone promotional offers and, more interestingly, extortionist messages claiming that the sender has video evidence of the recipient visiting pornographic websites. The latter also dovetails with Varenyky's new feature.

This add-on to Varenyky (which can download updates for itself through specified Web addresses) uses the FFmpeg library for recording the user's screen. However, it loads this feature only when windows whose titles contain 'sexe' – the French word for sex – appear. Although malware experts see no effort in the campaign to capitalize on the feature for now, it seems inevitable that Varenyky will eventually redirect its extortion attempts towards the owners of compromised PCs, instead of remote targets.
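The page does not say how Varenyky invokes FFmpeg, so the following is an added detection example, not code from the page or from the malware: it scans constructed Sysmon-style process-creation events and flags an ffmpeg.exe launched with FFmpeg's standard Windows desktop-capture input (`-f gdigrab -i desktop`, an assumption about the command line) from, or by a parent in, a user-writable path.

```python
import re

# Constructed sample process-creation events in a Sysmon-like shape
# (Image, CommandLine, ParentImage). Paths and command lines are invented.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Temp\ffmpeg.exe",
     "CommandLine": "ffmpeg.exe -f gdigrab -framerate 5 -i desktop out.mp4",
     "ParentImage": r"C:\Users\alice\AppData\Roaming\svc.exe"},
    {"Image": r"C:\Program Files\OBS\ffmpeg.exe",          # benign transcode
     "CommandLine": "ffmpeg.exe -i clip.mov -c:v libx264 clip.mp4",
     "ParentImage": r"C:\Program Files\OBS\obs64.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",           # unrelated noise
     "CommandLine": "notepad.exe notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# FFmpeg's screen-capture input on Windows (assumed to be what the malware uses).
SCREEN_GRAB = re.compile(r"-f\s+gdigrab|-i\s+desktop", re.IGNORECASE)
# Directories a dropped binary typically runs from.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData)\\", re.IGNORECASE)


def score_event(ev):
    """Return the list of reasons this event looks like covert screen capture."""
    reasons = []
    if not ev["Image"].lower().endswith("ffmpeg.exe"):
        return reasons
    if SCREEN_GRAB.search(ev["CommandLine"]):
        reasons.append("ffmpeg is capturing the desktop")
    if USER_WRITABLE.search(ev["Image"]):
        reasons.append("ffmpeg runs from a user-writable path")
    if USER_WRITABLE.search(ev["ParentImage"]):
        reasons.append("parent process lives in a user-writable path")
    return reasons


def find_suspicious_capture(events, min_reasons=2):
    """Flag events that accumulate at least min_reasons indicators."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= min_reasons:
            hits.append((ev["Image"], reasons))
    return hits


if __name__ == "__main__":
    for image, reasons in find_suspicious_capture(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

Requiring two indicators keeps a legitimate recorder such as a screen-capture tool under Program Files from firing on the gdigrab input alone.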

Cutting Back on Career-Changing Trojans

There's no reason that Varenyky wouldn't be compatible with a majority of Windows systems, but Varenyky's campaign is concentrating on attacking customers of Orange SA, a French service provider. Users in that region should be watchful for e-mail attacks that might fit Varenyky's templates or trick them into interacting with corrupted attachments or obfuscated URLs. Malware experts are, as usual, linking the infection vectors for Varenyky to fake invoices and billing notices.

Varenyky can perform other activities besides those noted previously. It also collects credentials like passwords from infected PCs, which is highly relevant to its future as an extortionist. Threat actors can also take advantage of Varenyky's PowerShell-leveraging capabilities or its ability to download and run other files.

Users should always disable their Internet connections after an infection, to keep Varenyky from contacting its C&C server. Anti-malware tools from most vendors should find and remove Varenyky as a threat, but any private videos and personal information that were already exfiltrated could be irretrievable.

The act of 'sextortion,' or sexuality-themed blackmail, requires more nuance and psychological leverage than most Trojan campaigns aim to cultivate. Varenyky breaks all the rules for a spambot's expected behavior, with French sex habits on the line.
