Malware

Trump.exe; the fake ransomware that exploits the image of President Donald Trump

US President Donald Trump always resorts to the term ‘fake news’ to refer to news reports that are not favorable to him, and despite criticism for his constant attacks on the press, this time the term fits perfectly with the incidents reported by digital forensics specialists.

Recently, several cases of a fake Donald Trump
themed ransomware have been reported; the operators of this campaign deliver a
malicious file via email seeking to trick the victims by displaying a ransom
note to make profits by decrypting files that were never actually encrypted.

When the alleged ransomware is installed on the victims’ computers (thanks to the trump.exe file), the hackers lock the targeted computer and display only an image of Trump, in addition to the ransom note feature on almost every ransomware infection.

The digital forensics experts at the malware
research firm Cisco Talos Intelligence mention that they have accumulated
multiple evidences about this fake ransomware. A report signed by Cisco expert
Nick Biasini mentions: “The collected samples do not encrypt the victim’s
data, or in some cases only partially and poorly do so. The main goal is to
trick users into believing that their information has been locked or completely
lost, which forces them to pay a ransom when their screen was just locked”.

A Putin Locker’s screenshot

In addition to the image of President Trump,
the operators of this campaign are also using the image of Russian President
Vladimir Putin to lock the screens of hundreds of victims and display a
threatening message: “Your PC has been blocked by PuTiN malware “, or
some similar message. In these attacks, the victims’ wallpaper is also
modified, showing a pattern of burning skulls.

After completing its installation, this
Putin-themed malware locks the victims’ screens, removes the icons from the
desktop and the taskbar, in addition to the task manager. Victims are then
shown the method to contact the hackers and set a ransom figure.

Although the research is still ongoing, digital
forensics experts say these infections are likely to start through massive spam
campaigns on social media and via email. “Potential victims are exposed to
fake advertisements or emails related to the prevention of banking fraud; some
of these messages are sent by supposed risk prevention executives from
companies like Visa,” the experts mention.

A “Donald Trump Error” screenshot

A few months ago, multiple cases of infection
with locker malware using Trump’s image (known as Donald Trump Error) were
detected, although further details about its developers and goals are still
unknown.

As digital forensics specialists from the
International Institute for Cyber Security (IICS) mention, the proximity of the
2020 US presidential election makes it much more likely that technology users
will become victims of Internet scams involving the use of political themes.

To Top

Pin It on Pinterest

Share This