The international company Group-IB has identified a file-encrypting virus that can also mine cryptocurrency and inflate traffic to websites.
The Troldesh virus was detected in 2015, but it has been improved over time. “In recent campaigns, Troldesh not only encrypts files, but also mines cryptocurrency and generates traffic to websites to increase attendance and revenue from online advertising,” notes Group-IB.
Emails carrying the virus purport to come from the mailboxes of airlines (for example, Polar Airlines), car dealers (Rolf) and media outlets (RBK, Novosibirsk Online), experts say. The sender addresses are forged and have no connection to these companies.
According to the Threat Detection System (TDS), the scale of attacks using Troldesh has increased almost 2.5 times in the current quarter, which is more than in the whole of 2018, notes Prime. Activity of the file-encrypting virus peaked in June.
“The mailing list involves a fairly large-scale infrastructure, including not only servers, but also infected IoT devices, such as routers. The scale of attacks using Troldesh is growing: in June alone, Group-IB detected more than 1.1 thousand phishing emails containing Troldesh, and in total for the second quarter of 2019 their number exceeded 6 thousand,” concludes Group-IB.