Skip to main content

Donald Trump ransomware spreads dangerous malware

(Image credit: Pixabay)

Cybercriminals are beginning to roll out new forms of malware with a particulalrly political hook, researchers have found.

Experts at the Cisco Talos Group revealed they have discovered a payload named Trump.exe while investigating a recent malspam campaign.

After looking into other malicious programs that contained political references or themes, the firm found hundreds of other examples, showing a huge potential risk for users.

Political malware

In a blog post titled 'How adversaries use politics for compromise', the Talos Group explained their methodology, saying:

"Pivoting off of this campaign, we began to look for other IOCs that utilized political references. We developed a list of various names, terminology and iconography that has generated headlines across the political spectrum over the past few years. We then began a search throughout various malware repositories and discovered that not only were political names and iconography surprisingly common, but the results produced a wide variety of threats and was almost a microcosm of what we see on the threat landscape daily."

During their search, the Talos Group discovered a ransomware called the “Donald Trump Screen of Death”. This screen locker attempts to lock users out of Windows while showing them various pictures of President Trump. The Talos Group also found a program called the Trump Crypter which is used to obfuscate malware code so that it cannot be detected by security software.

Back in 2016, a screen locker called “CIA Election AntiCheat Control” was discovered that showed a picture of Hillary Clinton and Donald Trump that told victims to send $50 or their vote in the upcoming election wouldn't count. Additionally, the Cisco Talos Group found a harmless program called Dancing Hillary that allowed users to make Hillary Clinton dance.

Former President Barack Obama's likeness was also used by malware developers to create an injector with an Obama theme. This injector can be used to inject malicious code into legitimate processes in an attempt to evade security software.

However, malware developers also used the likeness of politicians outside the US to deliver their malicious payloads. For instance, Russian President Vladimir Putin was used as the theme for a number of infections including a screen locker called PuTiN Lockware that the Talos Group discovered. German Chancellor Angela Merkel was also used as the theme for a ransomware that made the rounds during 2016.

As the upcoming 2020 US election approaches, expect malware developers to create even more politically-themed ransomware in an effort to trick unsuspecting users.

Via Bleeping Computer