[BreachExchange] Now tech support scams are exploiting WannaCry ransomware fears

Destry Winant destry at riskbasedsecurity.com
Thu May 25 01:33:53 EDT 2017


Cybercriminals are attempting to exploit the notoriety of WannaCry for
their own ends, with scams designed to prey on fears surrounding the
high-profile global ransomware campaign.

The WannaCry ransomware epidemic hit 300,000 PCs around the globe
using worm-like capabilities to spread and infect Microsoft Windows
machines, particularly those using older operating systems

But while the worst of the WannaCry epidemic appears to be over, that isn't
stopping scammers from launching fraudulent tech-support scams looking to
exploit fears about the ransomware -- and they've already claimed victims.

The UK's fraud and cybercrime centre, Action Fraud, and the City of London
police have issued an alert
an effort to warn members of the public about these scams.

The scam begins with a pop-up window -- which doesn't close -- claiming to
be a warning from Microsoft that tells the victim they've been hit with
WannaCry. The victim is urged to phone a fake support-line number, and
asked to give the scammer on the other end of the line remote access to
their PC.

After this access has been granted, the fraudsters install the free Windows
Malicious Software Removal Tool, and then charge the victim £320 for the

"It is important to remember that Microsoft's error and warning messages on
your PC will never include a phone number," warns a police statement.
"Microsoft will never pro-actively reach out to you to provide unsolicited
PC or technical support. Any communication they have with you must be
initiated by you."

The tech-support scam isn't the only instance of attempts to exploit fears
over WannaCry.

While the ransomware targets only Windows, some apps are now trying to
exploit fears of WannaCry with fake 'WannaCry protection' for Android

Unearthed by cybersecurity researchers at McAfee
an Android app called 'WannaCry Ransomware Protection' claims to offer
antivirus protection against WannaCry and other ransomware, but it's in
fact adware.

Once the app is installed, it displays adverts and requests that users
install other apps, claiming that additional installations will help
protect the user. But all they do is display adverts, likely for the
purposes of driving click-through based revenue.

The app isn't sophisticated and, according to McAfee, "it is clear the
developers put little time into this development".

Another app named 'Anti WannaCry Virus' also promises protection but
delivers unwanted adware features.

In both cases, these apps have five-star reviews from users, which the
researchers say "tells us something about the value of online reviews".

Google says a "proactive review" process is designed to catch malicious
apps which slip through as early as possible, but despite contact from
McAfee, the 'WannaCry Ransomware Protection' for Android app remains in the
Google Play store at the time of writing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170525/71724411/attachment.html>

More information about the BreachExchange mailing list