Renamer destructive malware via fake inquiry email


A slightly different malware than usual to report on this morning. I haven’t previously seen out-and-out destructive malware like this sent in mass malspam for many years. It must be intended to act as some sort of ransomware, but there is no ransom note or instruction. It initially copies itself to C:\Users\admin\AppData\Roaming\Paint.exe and sets that file to run at startup. It then searches for any .exe files, initially in the Downloads folder or on the Desktop, renames them to voriginalfilename.exe and copies itself to the original filename, so it runs when the victim opens that file.
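A triage check for the rename pattern described above, as an added example that is not from the original post: it looks for X.exe sitting beside vX.exe and rates the pair higher when the file now holding the original name is byte-identical to other such files or to a known dropper copy. The function names, the confidence labels and the sample tree are assumptions made for illustration, and the rating is a heuristic.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_renamed_pairs(folders, dropper=None):
    """Return (impostor, renamed_original, confidence) for each X.exe / vX.exe pair.

    "high": the impostor is byte-identical to another impostor or to the
    optional dropper copy; "low": a lone pair that may be a coincidence.
    """
    pairs = []
    for folder in (Path(f) for f in folders if Path(f).is_dir()):
        # Windows names are case-insensitive: index by (directory, lower-case name).
        exes = {(p.parent, p.name.lower()): p for p in folder.rglob("*")
                if p.is_file() and p.suffix.lower() == ".exe"}
        for (parent, name), renamed in exes.items():
            if name.startswith("v") and (parent, name[1:]) in exes:
                pairs.append((exes[(parent, name[1:])], renamed))
    digests = {imp: sha256_of(imp) for imp, _ in pairs}
    seen = Counter(digests.values())
    known = sha256_of(dropper) if dropper and Path(dropper).is_file() else None
    return [(imp, orig, "high" if seen[digests[imp]] > 1 or digests[imp] == known else "low")
            for imp, orig in pairs]


if __name__ == "__main__":
    # Constructed sample tree: harmless placeholder bytes, not real executables.
    with tempfile.TemporaryDirectory() as tmp:
        downloads, desktop = Path(tmp, "Downloads"), Path(tmp, "Desktop")
        for d in (downloads, desktop):
            d.mkdir()
        (downloads / "setup.exe").write_bytes(b"SAME-COPY")
        (downloads / "vsetup.exe").write_bytes(b"original setup")
        (desktop / "Tool.exe").write_bytes(b"SAME-COPY")
        (desktop / "vtool.exe").write_bytes(b"original tool")
        (desktop / "vlc.exe").write_bytes(b"unrelated, no lc.exe beside it")
        for impostor, original, confidence in find_renamed_pairs([downloads, desktop]):
            print(f"{confidence}: {impostor} replaced {original}")
```

A "high" result means the file at the original name should be treated as the copy and the v-prefixed file as the victim's original; confirm by hash before restoring anything.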

