A year or two ago, fake antivirus solutions were pushed almost daily onto users, but as time went by, they became wiser and more able to recognize them. So cybercriminals toned it down and began replacing that malware with ransomware.
Initially, these so-called “police Trojans” targeted mostly European users.
After having seemingly locked the computer and geolocated the users’ IP addresses, the malware would present a legitimate-looking warning purportedly coming from their country’s police force about the users’ alleged downloading of illegal or criminal content.
But unfortunately for users from the US and Canada, the criminals have finally began targeting them as well:
As usual, the users are asked to pay a fine – $100 in this particular case – in order to get their computer unblocked.
“UKash vouchers are not available in the US, thus the US fake police notification that spoofs the Computer Crime & Intellectual Property Section of the US Department of Justice only mentions PaySafeCard as the accepted payment method,” say Trend Micro researchers.
“The criminals also took the time in adding plenty of logos of local supermarkets and chain stores where the cash vouchers are available.”
According to them, there are indications that a Russian-speaking (and probably Russian-based) gang is behind this campaign and previous ones that pushed banking Trojans and a new worm onto unsuspecting users.
“We also found C&C consoles that suggest a high level of development and possible reselling of the server back-end software used to manage these attacks,” the researchers say. Police Trojan attacks are here to stay – until they are done milking this cow and have to look for a fatter one, that is.”