Cisco Talos released a study on the politically themed malware, used in everything from ransomware to remote access trojans (RAT). The study analysed a regular malicious spam campaign that used an executable named “Trump.exe”. The team discovered many similarly themed threats – “almost a microcosm of what we see in the threat landscape daily”.
Amongst these, there are Trump-themed ransomware (a type of malware that threatens to publish the victim’s data or block access to it until a ransom is paid) and separate Trump and Putin-themed locker malware. Still, one of the threats did not offer a way for hackers to obtain money.
CISCO also discovered many political RAT campaigns using the image of Putin. Some of them were using trap files, posing as political campaigns, that spread the RAT. They were using the image of Putin or Kim Jong Un. The “Trump_administration_economic_indicators_on_China_investements.xls” file contained malicious macros which infected the computers with PoisonIvy RAT, used usually in nation state attacks.
Cisco discovered also many other political software. Amongst them: the “Dancing Hillary” game and a “Trump’s Cyber Security Firewall” tool.
But we know our readers use Ad Guardian Plus to protect from this kind of malware.