Figure 1. Cerber arrival
The JavaScript attachment is detected as JS_NEMUCOD.SMGF2B, which leads to the download of the Cerber variant (detected as RANSOM_HPCERBER.SMALY5A). In most respects, this Cerber variant is identical to the versions we spotted in May, but with a new nuance to its behavior: it now targets Bitcoin wallets for theft as well.
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/