News broke this morning that the Iran Computer Emergency Response Team Coordination Center has issued a security alert about a ransomware distribution campaign currently active in the country. The alert warns users about Tyrant ransomware, a strain spotted last Monday, October 16.According to Iran CERTCC, malicious actors have spread versions of the Psiphon VPN app laced with Tyrant and are now trying to extort infected users for money. Marco Cova, Senior Security Researcher at Lastline commented below.
Marco Cova, Senior Security Researcher at Lastline:
“Attackers use whatever bait may lead users to install their malware, and are known to customize their attacks to make them more effective against specific groups or niches. So, it’s not surprising that users looking for security and privacy software are targeted; several years ago we observed similar attacks (on a much larger scale than this specific incident) in the form of malware pretending to be anti-virus tools. As always, users should be careful to obtain software they install from legitimate sources. This is especially critical when installing security software, which often runs with high privileges and has access to all data on a system.”
