HomeUpdateRansomware gang, StrongPity isn't feeling pity for it's targets

Ransomware gang, StrongPity isn’t feeling pity for it’s targets

-

Last Updated on 10/12/2021 by Nidhi Khandelwal

StrongPity, a sophisticated hacking gang, is disseminating malware-laced Notepad++ installations that infect targets.

This hacking gang, also known as APT-C-41 and Promethium, was previously detected delivering trojanized WinRAR installations in highly targeted attacks between 2016 and 2018.

Ransomware gang, StrongPity isn't feeling pity for it's targets 1

Notepad++ is a popular free text and source code editor for Windows that is used by a wide spectrum of companies.

This service runs the keylogger component of the virus, ‘ntuis32.exe,’ as an overlapped window (using the WS MINIMIZEBOX style).

All user keystrokes are recorded by the keylogger and saved in hidden system files dumped in the ‘C:ProgramDataMicrosoftWindowsData’ folder. The infection can also steal files and other information from the computer.

‘winpickr.exe’ checks this folder on a regular basis, and when a new log file is found, the component opens a C2 connection to send the stolen data to the attackers.

The original log is erased after the transfer is complete to remove any indications of malicious behavior.

Ransomware gang, StrongPity isn't feeling pity for it's targets 2

If you need to use Notepad++, download the installer from the project’s website.

Many other websites provide the software, some of which pretend to be official Notepad++ portals but may contain adware or other undesirable software.

The laced installer’s distribution URL has been taken down after being discovered by analysts, but the actors might swiftly register a new one.

Nidhi Khandelwal
Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
- Advertisment -

Must Read

Top VR Sports Games to play on your PC

0
Most people would think VR is the perfect medium for sports games. Unfortunately, this is far from reality. While VR adds immersion through physical...