
Ransomware gang StrongPity isn’t feeling pity for its targets


Last Updated on 10/12/2021 by Nidhi Khandelwal

StrongPity, a sophisticated hacking group, is distributing malware-laced Notepad++ installers that infect its targets.

This hacking group, also known as APT-C-41 and Promethium, was previously observed delivering trojanized WinRAR installers in highly targeted attacks between 2016 and 2018.


Notepad++ is a popular free text and source code editor for Windows that is used by a wide spectrum of companies.

This service runs the keylogger component of the malware, ‘ntuis32.exe’, as an overlapped window (using the WS_MINIMIZEBOX style).

All user keystrokes are recorded by the keylogger and saved to hidden system files dropped in the ‘C:\ProgramData\Microsoft\Windows\Data’ folder. The malware can also steal files and other information from the computer.

‘winpickr.exe’ checks this folder on a regular basis, and when a new log file is found, the component opens a C2 connection to send the stolen data to the attackers.

The original log is erased after the transfer is complete to remove any indications of malicious behavior.
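The chain described above (a keylogger writing hidden files under the staging folder, a second component contacting the C2 and then wiping the log) is something a defender can correlate from endpoint telemetry. The following is an added detection example, not code from the article: the process names and folder come from the text, while the Sysmon-style event shape (IDs 1, 3, 11, 23), the sample events and the C2 address 203.0.113.5 are constructed assumptions.

```python
"""Hunt for the StrongPity keylogger/exfiltration pattern in endpoint events
(added example; event layout is an assumption loosely modelled on Sysmon)."""
import ntpath

STAGING_DIR = r"C:\ProgramData\Microsoft\Windows\Data"   # folder named in the article
SUSPECT_IMAGES = {"ntuis32.exe", "winpickr.exe"}          # components named in the article

# Constructed sample telemetry: 1 = process create, 11 = file create,
# 3 = network connection, 23 = file delete (Sysmon-like IDs, assumed layout).
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\ntuis32.exe"},
    {"id": 11, "image": r"C:\Windows\ntuis32.exe",
     "target": STAGING_DIR + r"\log1.tmp"},
    {"id": 3, "image": r"C:\Windows\winpickr.exe", "dest": "203.0.113.5:443"},
    {"id": 23, "image": r"C:\Windows\winpickr.exe",
     "target": STAGING_DIR + r"\log1.tmp"},
    # Benign noise: the real editor saving a user document elsewhere.
    {"id": 11, "image": r"C:\Program Files\Notepad++\notepad++.exe",
     "target": r"C:\Users\alice\notes.txt"},
]

def in_staging_dir(path):
    """Case-insensitive check that a path sits inside the staging folder."""
    return ntpath.normcase(path).startswith(ntpath.normcase(STAGING_DIR) + "\\")

def hunt_strongpity(events):
    """Return (finding, detail) tuples: per-event hits plus the
    write -> C2 connect -> delete chain that indicates exfil-then-wipe."""
    findings = []
    staged = set()      # normalised paths written into the staging folder
    c2_seen = False
    for ev in events:
        name = ntpath.basename(ev["image"]).lower()
        target = ev.get("target")
        if ev["id"] == 1 and name in SUSPECT_IMAGES:
            findings.append(("suspect_process", name))
        if ev["id"] == 11 and target and in_staging_dir(target):
            findings.append(("staging_write", target))
            staged.add(ntpath.normcase(target))
        if ev["id"] == 3 and name == "winpickr.exe":
            c2_seen = True
            findings.append(("c2_connect", ev["dest"]))
        if ev["id"] == 23 and target and ntpath.normcase(target) in staged and c2_seen:
            findings.append(("exfil_then_wipe", target))
    return findings

if __name__ == "__main__":
    for finding in hunt_strongpity(SAMPLE_EVENTS):
        print(*finding)
```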


If you need to use Notepad++, download the installer from the project’s website.

Many other websites provide the software, some of which pretend to be official Notepad++ portals but may contain adware or other undesirable software.

The trojanized installer’s distribution URL was taken down after analysts discovered it, but the actors could quickly register a new one.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.