
Shadowlock Ransomware Opens CD Tray and Plays Music from Close Encounters of the Third Kind

Posted: July 19, 2013

There is an almost infinite number of computer scams created by malware authors, or at least enough for us to identify a different one every day for a full decade. With every new type of malware threat comes a spinoff variation, and the recently emerged Shadowlock Trojan is one such spinoff, in the form of modified ransomware.

Shadowlock Trojan is essentially a new form of ransomware that has ushered in an era of leveraging various surveys. The surveys rendered by the Shadowlock Trojan act somewhat like popularized ransomware threats: the infection locks up an affected computer and asks that a survey be completed to unlock the system.

We have taken special notice of systems infected with Shadowlock Trojan exhibiting bizarre behavior, such as playing music from the movie Close Encounters of the Third Kind. Additionally, Shadowlock-infected computers will randomly open the CD tray on their own, making it appear as if the system is demon-possessed.

Security researchers initially found the Shadowlock Trojan to be just an infection that renders various surveys to earn its creators money through survey completions, much like a PPC (pay per click) campaign would. It is now evident that these surveys, as shown in Figure 1 below, are aimed at performing numerous malicious activities on an infected computer.

Figure 1 - Example of Shadowlock survey pop-up - source: Xylibox.com

Recent findings make Shadowlock's malicious actions clear: they start with what appears to be a harmless survey pop-up and progress to locking up the infected system and limiting access to the Task Manager, Command Prompt, Regedit, MSConfig and PowerShell. Tech-savvy users rely on many of these locked-out applications to end malicious processes, usually while attempting to remove such a threat manually. By disabling these tools, Shadowlock gains the upper hand, preventing them from being re-enabled and the infection from being removed manually.

In other findings on what makes Shadowlock tick, researchers at Symantec have uncovered survey builders, which are apps distributed through underground forums used mostly by cybercrooks or hackers. The survey builder is fundamentally a DIY builder of Shadowlock, allowing hackers to customize the pop-up surveys rendered by Shadowlock.

The customization options within the DIY survey builder include a feature the hacker can tick to disable certain programs or web browsers on an infected computer. Moreover, the DIY survey builder can be customized to play songs, fill disk space, swap mouse buttons, and perform other mischievous actions, turning an infected system into a virtual zombie computer.

We can conclude that most initial perceptions of Shadowlock in its ransomware form did not fully reveal the bigger picture of its malicious potential. In a way, Shadowlock will not only display a survey that was meticulously crafted by a sneaky hacker, but it may also be programmed to conduct all sorts of spooky activities on an infected PC.
