SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
7 Jun 2016

CryptXXX ransomware will now steal your passwords as well

The most recent version of the CryptXXX ransomware came with lots of changes, among which the most important is an infostealer module that can dump and steal passwords from various applications on the infected machine.

Called StillerX, this module was seen as part of CryptXXX starting with version 3.100, which Proofpoint detected for the first time on May 26. The US security firm says that this CryptXXX version comes with many new features, but that StillerX makes it more dangerous than before.

StillerX works just like classic password dumpers, also known as infostealers. These types of malware are specifically designed to attack the internal databases of several software packages, extract encrypted or cleartext passwords, and then send them to an online server. CryptXXX's StillerX module is capable of targeting all sorts of software, such as browsers, download managers, email clients, FTP software, IM applications, poker apps, proxy clients, VPNs, dialer credentials, and passwords stored in WNetEnum's cache and Microsoft's Credential Manager.

Users can detect a CryptXXX ransomware infection that comes with StillerX by the presence of the "stiller.dll", "stillerx.dll" and "stillerzzz.dll" files on their systems. Proofpoint says that clues in StillerX's code lead it to believe the module could be used as a standalone tool, without CryptXXX.
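One way to run that file-name check across a disk is sketched below. This is an added example, not code from Proofpoint or Softpedia; the function names and the record fields are assumptions, and a file-name match is a lead for triage rather than proof of infection, which is why each hit carries a hash and timestamp.

```python
import hashlib
import os
import sys
from datetime import datetime, timezone

# File names the article lists as signs of CryptXXX with the StillerX module.
STILLERX_NAMES = {"stiller.dll", "stillerx.dll", "stillerzzz.dll"}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root):
    """Return one triage record per file under root whose name matches.

    Matching is case-insensitive because Windows file names are. Directories
    or files that cannot be read are skipped instead of aborting the sweep.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() not in STILLERX_NAMES:
                continue
            path = os.path.join(dirpath, name)
            record = {"path": path, "size": None, "modified_utc": None, "sha256": None}
            try:
                info = os.stat(path)
                record["size"] = info.st_size
                record["modified_utc"] = datetime.fromtimestamp(
                    info.st_mtime, timezone.utc).isoformat()
                record["sha256"] = sha256_of(path)
            except OSError:
                pass  # keep the path so the analyst can still follow up
            hits.append(record)
    return hits


if __name__ == "__main__":
    # Usage: python sweep.py C:\   (the default root here is an assumption)
    for hit in sweep(sys.argv[1] if len(sys.argv) > 1 else "C:\\"):
        print(hit)
```
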

Other new changes in CryptXXX 3.100

Besides the ability to steal your passwords for future cyber-attacks, CryptXXX also changed its decryption website. The portal received a facelift and now features new graphics. Until now, the ransomware has used the same user interface as the CryptoWall ransomware.

Last but not least, CryptXXX is now also capable of searching for network-connected drives and infecting the files it finds on those partitions as well. The ability to search and infect network drives has been seen in several ransomware families in recent weeks and seems to be a natural course of evolution for most of these threats in an attempt to maximize their impact and force victims to pay the ransom.

Tags: password CryptXXX information leaks trojan
Source: Softpedia