INSUBCONTINENT EXCLUSIVE:
Malware developers have begun to mix politics with their malicious payloads according to the Cisco Talos Group which recently discovered a
payload named Trump.exe.The firm first found the politically-themed payload while investigating a recent malspam campaign and they then
decided to look into other malicious programs that contained political references or themes and found hundreds of other examples.In a blog
post titled 'How adversaries use politics for compromise', the Talos Group explained their methodology, saying:"Pivoting off of this
campaign, we began to look for other IOCs that utilized political references
We developed a list of various names, terminology and iconography that has generated headlines across the political spectrum over the past
We then began a search throughout various malware repositories and discovered that not only were political names and iconography
surprisingly common, but the results produced a wide variety of threats and was almost a microcosm of what we see on the threat landscape
daily."During their search, the Talos Group discovered a ransomware called the “Donald Trump Screen of Death”
This screen locker attempts to lock users out of Windows while showing them various pictures of President Trump
The Talos Group also found a program called the Trump Crypter which is used to obfuscate malware code so that it cannot be detected by
security software.Back in 2016, a screen locker called “CIA Election AntiCheat Control” was discovered that showed a picture of Hillary
Clinton and Donald Trump that told victims to send $50 or their vote in the upcoming election wouldn't count
Additionally, the Cisco Talos Group found a harmless program called Dancing Hillary that allowed users to make Hillary Clinton dance.Former
President Barack Obama's likeness was also used by malware developers to create an injector with an Obama theme
This injector can be used to inject malicious code into legitimate processes in an attempt to evade security software.However, malware
developers also used the likeness of politicians outside the US to deliver their malicious payloads
For instance, Russian President Vladimir Putin was used as the theme for a number of infections including a screen locker called PuTiN
Lockware that the Talos Group discovered
German Chancellor Angela Merkel was also used as the theme for a ransomware that made the rounds during 2016.As the upcoming 2020 US
election approaches, expect malware developers to create even more politically-themed ransomware in an effort to trick unsuspecting
users.Via Bleeping Computer
