
APT POTAO EXPRESS: Infected TrueCrypt version used for cyber spying

A Russian website has been distributing a malicious TrueCrypt build for several years, and ESET recently made public that the file offered via this website is in fact a Trojan horse used for espionage.

The website hxxp://truecryptrussia.ru (MALICIOUS) was pushing this trojanized TrueCrypt version. Once a victim installed it, the attacker gained full control of the infected device, allowing them to steal (classified) information from it.

You can add these IPs to your blocklist:

  • 87.106.44.200:8080
  • 62.76.42.14:443
  • 62.76.42.14:8080
  • 94.242.199.78:443
  • 178.239.60.96:8080
  • 84.234.71.215:8080
  • 67.103.159.141:8080
  • 62.76.184.245:80
  • 62.76.184.245:443
  • 62.76.184.245:8080

These IPs have been identified as C&C servers.
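As an added example (not part of the original article, nor ESET's or Cyberwarzone's code), the following Python script shows one way a defender can put the C&C list above to work: it parses the IP:port pairs, sweeps a set of firewall or proxy log lines for outbound connections to those hosts, and emits outbound iptables DROP rules. The log format and the sample log lines are constructed for the example; the iptables rule syntax is standard but assumes a Linux host where you manage egress filtering with iptables.

```python
import re
from collections import defaultdict

# C&C indicators taken from the article above (IP:port pairs).
POTAO_C2_INDICATORS = """
87.106.44.200:8080
62.76.42.14:443
62.76.42.14:8080
94.242.199.78:443
178.239.60.96:8080
84.234.71.215:8080
67.103.159.141:8080
62.76.184.245:80
62.76.184.245:443
62.76.184.245:8080
"""


def parse_indicators(text):
    """Turn 'ip:port' lines into {ip: {ports}}; blank lines and '#' comments are skipped."""
    table = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ip, _, port = line.rpartition(":")
        if not ip or not port.isdigit():
            raise ValueError(f"malformed indicator: {line!r}")
        table[ip].add(int(port))
    return dict(table)


# Constructed sample firewall/proxy log lines (not from the article), key=value style.
# 198.51.100.7 is a documentation-range address standing in for a benign destination.
SAMPLE_LOGS = [
    "2015-07-30T10:12:01Z src=10.0.0.5 dst=62.76.42.14 dport=443 proto=tcp action=allow",
    "2015-07-30T10:12:07Z src=10.0.0.5 dst=198.51.100.7 dport=443 proto=tcp action=allow",
    "2015-07-30T10:13:44Z src=10.0.0.9 dst=62.76.184.245 dport=8443 proto=tcp action=allow",
    "2015-07-30T10:15:02Z src=10.0.0.12 dst=178.239.60.96 dport=8080 proto=tcp action=allow",
]

LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def scan_logs(lines, indicators):
    """Return (src, dst, dport, confidence) for every line whose destination is a listed C&C.

    'exact'     = IP and port both match the indicator list.
    'host-only' = the C&C IP on a port not in the list; still worth a look, because
                  the same host may serve other ports than the ones ESET observed.
    """
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # line not in the expected format; skip rather than crash
        dst, dport = m.group("dst"), int(m.group("dport"))
        if dst not in indicators:
            continue
        confidence = "exact" if dport in indicators[dst] else "host-only"
        hits.append((m.group("src"), dst, dport, confidence))
    return hits


def iptables_drop_rules(indicators):
    """One outbound DROP rule per ip:port pair, in a stable order for review/diffing."""
    rules = []
    for ip in sorted(indicators):
        for port in sorted(indicators[ip]):
            rules.append(f"iptables -A OUTPUT -d {ip} -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    ind = parse_indicators(POTAO_C2_INDICATORS)
    for hit in scan_logs(SAMPLE_LOGS, ind):
        print("C&C contact:", hit)
    print("\n".join(iptables_drop_rules(ind)))
```

Run it against your own exported logs by replacing SAMPLE_LOGS with the lines from your firewall or proxy (adjust LOG_RE to your format). Matching on the host as well as the exact ip:port pair is deliberate: a blocklist entry for port 8080 does not help if the same server is later contacted on another port, so the host-only hits are the ones to review by hand.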

By CWZ

Founder of Cyberwarzone.com.