GandCrab Ransomware Being Distributed Via Malspam Disguised as Receipts

Discussion in '0-day Release' started by silversurfer, Feb 8, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    A new malspam campaign is underway that is pretending to be PDF receipts, but instead installs the GandCrab ransomware on a victim's computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script.

    The start of the chain of events that lead to the installation of GandCrab is when a victim receives an email with a subject like "Receipt Feb-078122". These emails contain a PDF attachment with names like Feb01221812.pdf

    Full Article:
    Trim and RGiskardR like this.
  2. Google Adsense

Share This Page