Beware: Exorcist 2.0 hackers push malware through fake software cracks
According to security researcher Nao_Sec, the crooks behind the Exorcist 2.0 ransomware are using malicious advertising to redirect users to fake software-crack sites that lead to installation of the malware.
The researcher noticed that users are redirected to the crack site through PopCash malvertising on a legitimate site.
The crack site pretends to offer a program that breaks the copyright protection on commercial software so that it can be used for free.
For instance, you could be offered a Windows 10 Activator 2020 that would supposedly allow you to activate Windows 10 for free. The downloaded archive contains a zip file whose password is given in a separate .txt file.
The archive is packaged this way so that the malware can be downloaded without being detected by Google Safe Browsing, Microsoft SmartScreen or installed security software. Upon opening the setup inside, victims find their files encrypted, and no free Windows 10 activator gets installed.
The ransomware then drops a ransom note in each folder that contains encrypted files. The ransom note contains a unique link to a Tor payment site where victims are supposed to pay the ransom.
On visiting this site, users can get one encrypted file decrypted for free. They can also communicate with the crooks from this page.
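A triage check for the delivery packaging described above (an archive holding a password-protected zip next to a .txt file), added here as an example and not taken from the researcher's report. The function names, the size limit and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_NESTED = 50 * 1024 * 1024  # do not unpack nested members larger than this


def triage(blob: bytes) -> dict:
    """Flag an archive holding an encrypted nested zip beside a .txt note."""
    result = {"encrypted_archives": [], "notes": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as outer:
        for info in outer.infolist():
            name = info.filename.lower()
            if name.endswith(".txt"):
                result["notes"].append(info.filename)
            elif name.endswith(".zip") and info.file_size <= MAX_NESTED:
                try:
                    inner = zipfile.ZipFile(io.BytesIO(outer.read(info)))
                except (zipfile.BadZipFile, RuntimeError):
                    continue  # unreadable nested member, skip it
                # Bit 0 of the general-purpose flags marks an encrypted member.
                if any(m.flag_bits & 0x1 for m in inner.infolist()):
                    result["encrypted_archives"].append(info.filename)
    result["suspicious"] = bool(result["encrypted_archives"] and result["notes"])
    return result


def make_sample(encrypted: bool) -> bytes:
    """Constructed test archive: nested zip plus a password note."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.exe", b"constructed placeholder, not a real binary")
    data = bytearray(inner.getvalue())
    if encrypted:
        # zipfile cannot write encrypted members, so set the flag bit in the
        # central directory header by hand (flags sit at offset 8).
        data[data.rfind(b"PK\x01\x02") + 8] |= 0x01
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("installer.zip", bytes(data))
        z.writestr("password.txt", "1234")
    return outer.getvalue()


if __name__ == "__main__":
    print(triage(make_sample(encrypted=True)))
    print(triage(make_sample(encrypted=False)))
```

A hit means only that a scanner could not inspect the nested contents, so such a download should be treated as unscanned rather than clean.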