It also uses XMPP for communication, making it hard to detect.
From the article
These infections begin with the victim downloading a phony application from a third-party app store, in this case a supposed Flash Player app.
Victims, with this strain, see a message purporting to be from the National Security Agency with threatening language about copyright violations and threats of fines being tripled if not paid within 48 hours of notification.
The ransomware uses an instant messaging protocol called XMPP, or Extensible Messaging and Presence Protocol, to receive commands and communicate with the command and control server.
“Using XMPP makes it much more difficult for security devices to trace the malware C&C traffic as well as distinguish it from other legitimate XMPP traffic,” Check Point said in a report published Wednesday. “It also makes it impossible to block traffic by monitoring for suspicious URLs.”
“As XMPP supports TLS, the communication between the client and the server is also natively encrypted.”
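The quoted point is that URL-based blocking does not work against XMPP C&C, and TLS hides the payload. What a defender still has is connection metadata: which hosts talk XMPP, to which servers, and how regularly. The script below is an added example (not from the article or Check Point) that runs that check over a constructed Zeek-style conn.log excerpt; the field layout, IP addresses, hostnames and the approved-server list are all assumptions made up for the demonstration.

```python
"""Flag XMPP sessions to servers outside an approved list and look for
beacon-like timing in the remaining connections.

The log excerpt, hostnames, IPs and allowlist below are constructed for
this example; real conn.log layouts differ, so adjust parse_conn_log().
"""
import statistics
from collections import defaultdict

# Constructed sample, tab-separated:
# ts  src_ip  dst_ip  dst_port  proto  service  server_name (SNI, "-" if none)
SAMPLE_CONN_LOG = """\
1700000000.0\t10.0.0.5\t203.0.113.10\t5222\ttcp\txmpp\tchat.example-corp.test
1700000060.0\t10.0.0.5\t203.0.113.10\t5222\ttcp\txmpp\tchat.example-corp.test
1700000000.0\t10.0.0.23\t198.51.100.7\t5222\ttcp\txmpp\tjabber.unknown-host.test
1700000300.0\t10.0.0.23\t198.51.100.7\t5222\ttcp\txmpp\tjabber.unknown-host.test
1700000600.0\t10.0.0.23\t198.51.100.7\t5222\ttcp\txmpp\tjabber.unknown-host.test
1700000900.0\t10.0.0.23\t198.51.100.7\t5222\ttcp\txmpp\tjabber.unknown-host.test
1700000010.0\t10.0.0.42\t192.0.2.80\t443\ttcp\tssl\twww.example.test
1700000015.0\t10.0.0.42\t203.0.113.99\t5223\ttcp\tssl\t-
"""

# Assumption: the organisation's own chat service is the only sanctioned XMPP server.
APPROVED_XMPP_SERVERS = {"chat.example-corp.test"}

# 5222: client-to-server XMPP (plain or STARTTLS); 5223: legacy direct-TLS XMPP.
XMPP_PORTS = {5222, 5223}


def parse_conn_log(text):
    """Turn the tab-separated excerpt into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, service, sni = line.split("\t")
        records.append({
            "ts": float(ts), "src": src, "dst": dst, "dport": int(dport),
            "proto": proto, "service": service,
            "server_name": None if sni == "-" else sni,
        })
    return records


def is_xmpp(rec):
    """Match on the XMPP service label or on the well-known XMPP ports,
    so direct-TLS sessions that Zeek labels only as 'ssl' are still caught."""
    return rec["service"] == "xmpp" or rec["dport"] in XMPP_PORTS


def find_unapproved_xmpp(records, approved):
    """Count XMPP connections per (src, dst, server) whose server is not approved.
    A missing SNI is reported as '(no SNI)' rather than silently ignored."""
    hits = defaultdict(int)
    for rec in records:
        if not is_xmpp(rec):
            continue
        name = rec["server_name"] or "(no SNI)"
        if name not in approved:
            hits[(rec["src"], rec["dst"], name)] += 1
    return dict(hits)


def beacon_candidates(records, min_conns=3, max_cv=0.2):
    """Flow pairs whose connection intervals are nearly constant: a low
    coefficient of variation over at least min_conns connections is the
    classic fingerprint of a client polling its C&C on a timer."""
    by_pair = defaultdict(list)
    for rec in records:
        if is_xmpp(rec):
            by_pair[(rec["src"], rec["dst"], rec["dport"])].append(rec["ts"])
    out = []
    for (src, dst, dport), times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            out.append({"src": src, "dst": dst, "dport": dport,
                        "count": len(times), "mean_interval": mean})
    return out


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_CONN_LOG)
    for key, n in find_unapproved_xmpp(recs, APPROVED_XMPP_SERVERS).items():
        print("unapproved XMPP server:", key, "connections:", n)
    for b in beacon_candidates(recs):
        print("beacon-like XMPP flow:", b)
```

On the sample, the host talking to `chat.example-corp.test` is left alone, the host with four evenly spaced sessions to an unknown jabber server is reported both as unapproved and as beacon-like, and the single direct-TLS session on 5223 without SNI is reported as unapproved. The allowlist is the important control here: because the article's point is that the traffic looks like legitimate XMPP, the distinguishing signal is the destination, not the content.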
For more info: