
EMPOWERMENT TECHNOLOGIES

Activity #2

➢ What is “malware”?
The word malware is a portmanteau of the words “malicious” and “software”.
According to the Merriam-Webster Dictionary, malware is software designed to interfere
with a computer’s normal functioning. Malware represents a tremendous cyber security
threat across all environments and ecosystems. Malware allows hackers to get your
sensitive personal information, steal data, and generally cause havoc. There are 5 types of
malware: virus, worm, trojan, spyware and adware. As time passes, people’s way of
living evolves, and the same is true of malware: it has also evolved.

➢ Three (3) Dangerous Malware Threats in the Year 2022


1. Clop Ransomware
▪ Clop is malware designed to encrypt data and rename each file by appending
the “.Clop” extension. For instance, “sample.jpg” is renamed to
“sample.jpg.Clop”. Following successful encryption, Clop generates a text file
(“ClopReadMe.txt”) and places a copy in every existing folder. The text file
contains a ransom-demand message.
▪ This malware has been one of the most prolific ransomware families in the past
three years. It has gained infamy for compromising high-profile organizations in
various industries worldwide using multilevel extortion techniques that
resulted in huge payouts estimated at US$500 million as of November 2021.
▪ All files are encrypted and cannot be opened without paying a ransom.
Additional password-stealing trojans and malware infections can be installed
together with a ransomware infection.
▪ Clop evolved as a variant of the “CryptoMix” ransomware family. In
February 2019, security researchers discovered the use of Clop by the threat
group known as TA505 when it launched a large-scale spear-phishing email
campaign. Clop is an example of ransomware as a service (RaaS) that is
operated by a “Russian-speaking group”. Additionally, this ransomware
used a verified and digitally signed binary, which made it look like a
legitimate executable file that could evade security detection.
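
A defender-side triage sketch for the file-system traces described above (files renamed with the “.Clop” extension and a “ClopReadMe.txt” note in each folder). This is an added example, not part of the original activity; the function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile

RENAMED_SUFFIX = ".clop"        # appended extension described above (matched case-insensitively)
RANSOM_NOTE = "clopreadme.txt"  # ransom note file name described above

def scan(root):
    """Return per-folder findings for folders holding a renamed file or a ransom note."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        renamed = sorted(f for f in files if f.lower().endswith(RENAMED_SUFFIX))
        has_note = any(f.lower() == RANSOM_NOTE for f in files)
        if not renamed and not has_note:
            continue  # no trace in this folder
        # Files that still carry their own name: candidates for immediate backup.
        untouched = sorted(f for f in files
                           if f not in renamed and f.lower() != RANSOM_NOTE)
        report[os.path.relpath(folder, root)] = {
            "renamed": renamed,
            # Strip the appended extension: "sample.jpg.Clop" -> "sample.jpg"
            "original_names": [f[:-len(RENAMED_SUFFIX)] for f in renamed],
            "ransom_note": has_note,
            "untouched": untouched,
        }
    return report

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, not real malware output."""
    layout = {
        "photos": ["sample.jpg.Clop", "ClopReadMe.txt"],
        "docs": ["report.docx.Clop", "notes.txt", "ClopReadMe.txt"],
        "empty_share": ["ClopReadMe.txt"],  # note only: nothing here was renamed
        "clean": ["todo.txt"],              # no trace at all
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

def demo():
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan(root)

if __name__ == "__main__":
    for folder, info in sorted(demo().items()):
        print(folder, info)
```

Folders that hold only the note and files listed under "untouched" show how far the renaming got, which helps decide what to isolate and back up first.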

2. Fleeceware
▪ Fleeceware refers to apps that charge an excessive monthly subscription fee
after a brief trial period has ended – even if a user has uninstalled the app from
their device. If the monthly billings aren’t noticed, an unsuspecting user can
rack up hefty credit card charges over time. The fleeceware developers know
exactly what they are doing, and don’t make it easy for people to get their
money back after they’ve been “fleeced” by the deceptive software.
Fleeceware is found in Google Play and the App Store, so Android and iOS
users alike need to be on the lookout for it.
▪ These applications take advantage of users who do not know how to cancel a
subscription to keep charging them long after they have deleted the
application. Overpriced apps entice Google Play and App Store users with
a free trial period, and then charge them for a paid subscription even when
uninstalled.
▪ As of 2020, more than 600 million users had installed Android fleeceware apps
from the Play Store. The term was coined in 2019 by British researchers.
Also, infosec researchers found a collection of calculators, QR code scanners,
photo enhancers, and other programs with basic functionality on Google Play
at clearly inflated subscription prices of up to €200 per month, and the apps had
been downloaded by tens of millions of people, if not more.
▪ It is a recent addition to the cyber-security jargon. It was coined by UK
cyber-security firm Sophos last September following an investigation that
discovered a new type of financial fraud on the official Google Play Store.
The term was created by the security company Sophos in 2019 when their
research uncovered 25 apps on Google Play (with a combined 600 million
downloads) that were scamming users out of their money.

3. GameOver Zeus (GOZ)
▪ It is a peer-to-peer botnet malware that is an evolution of the earlier ZeuS
Trojan and uses encrypted peer-to-peer communication between its nodes and
command and control servers, which its predecessor did not have, making it
more elusive to law enforcement detection operations. GOZ is also able to
install other malware onto an infected computer, the most common of which is
CryptoLocker, a form of “ransomware”, which finds important files and then
holds them hostage through strong encryption so that the user is denied
access until the user pays ransom money to get the files back. It
was estimated to have received $30 million in ransom payments from September to
December 2013 alone, and it was estimated to have infected 234,000 victims
worldwide, 121,000 of whom are in the United States.
▪ GOZ was able to infect 1 million computers globally, and losses were
estimated to be in the hundreds of millions of dollars. It was only stopped
through the close cooperation of affected countries in mid-2014, stopping both
GameOver Zeus and CryptoLocker. On February 24, 2015, the FBI
announced a reward of $3 million for information regarding the Russian
cybercriminal closely associated with GOZ, Evgeniy Bogachev.
▪ A federal grand jury in Pittsburgh unsealed a 14-count indictment against
Evgeniy Mikhailovich Bogachev, of Anapa, Russian Federation, charging him
with conspiracy, computer hacking, wire fraud, bank fraud and money
laundering in connection with his alleged role as an administrator of the
GameOver Zeus botnet. Bogachev was also charged by criminal complaint in
Omaha with conspiracy to commit bank fraud related to his alleged
involvement in the operation of a prior variant of Zeus malware known as
“Jabber Zeus”.
▪ It first emerged around September 2011. Approximately 25% of the infected
computers are located in the United States. (For more information about this
malware, see
https://www.justice.gov/opa/pr/us-leads-multi-national-action-against-gameover-zues-botnet-and-cyrptolocker-ransomware)

REFERENCES:
https://www.pcrisk.com/removal-guides/14451-clop-ransomware
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-clop
https://www.kaspersky.com.au/blog/beware-of-fleeceware/23638/
https://www.securemac.com/blog/what-is-fleeceware
https://clario.co/blog/how-to-spot-fleeceware-apps/
https://www.techopedia.com/definition/31196/gameover-zeus-goz
https://www.justice.gov/opa/pr/us-leads-multi-national-action-against-gameover-zues-botnet-and-cyrptolocker-ransomware
