It’s not uncommon for malicious content to be bundled with yet more malicious content. The RAA cryptor ransomware virus and the Pony Trojan show that quite well. The ransomware not only encrypts the files on its victims’ PCs, but it also spreads the Trojan.
- The ransomware scans the system
- Finds important files
- Encrypts them
- Drops a ransom note
The whole process aims to lock the computer and extort payment for the key. The interesting thing is that RAA will also drop the Pony Trojan while encrypting. The Pony Trojan is a type of spyware. Its main goal is to find and steal confidential information from the infected PC. Information like:
The virus also tries to gain access to accounts and take them over. If an account has a weak password like 123456789 or qwerty, the Trojan will be prepared for it. It’ll guess such passwords within minutes. The Pony Trojan is pretty durable. The first known case of the virus was in 2011, which would make it five years old now, a ripe old age for a virus.
The Pony Trojan encrypts all data before sending it to the cybercriminals. It uses the RC4 algorithm.
This isn’t the first case of cooperation between two malicious software types. Browser hijackers love to spread with the help of PUPs (potentially unwanted programs). Browser hijackers also collect information, but they aren’t classified as spyware because the user technically agrees to their inclusion by not installing programs carefully.
RAA cryptor and Pony Trojan aren’t the only dirty pair of ransomware and spyware. The famous CryptoWall ransomware virus also included a similar Trojan in its encryption process.
Cybercriminals gather on forums and exchange code, ideas, and malicious tools. It’s not surprising that they often combine their code to improve their methods of infection. New “innovations” pop up every day. A good example would be the Locky DLL trick.
Anti-virus programs can only block known or familiar threats, so ransomware scammers have to constantly update, modify, and obfuscate their scripts to keep infecting. One hacker tried to take advantage of the information sharing in the underground cybercrime community and uploaded malware into tools made to create malware. This hacker or group of hackers was dubbed Pahan.
The end goal of all this is making money, of course. Information is not only power, but it’s also profit. If the crooks learn your passwords with the Pony Trojan, they can do all sorts of damage, like embezzling funds and running other scams.