Published on April 12th, 2020 📆 | 4570 Views ⚑0
New Wiper Malware impersonates two respected security researchers
A malware distributor has decided to play a nasty prank by locking victim’s computers before they can start Windows and then blaming the infection on two well-known and respected security researchers.
Over the past 24 hours, after downloading and installing software from what appears to be free software and crack sites, people suddenly find that they are locked out of their computer before Windows starts.
When locked out, the PC will display a message stating that they were infected by Vitali Kremez and MalwareHunterTeam, who are both well known malware and security researchers and have nothing to do with this malware.
The full text of this MBRLocker can be read below:
Hello, my name is Vitali Kremez. I infected your stupid PC. you idiot. Write me in twitter @VK_intel if you want your computer back If I do not answer, write my husband twitter.com/malwrhunterteam To protect your ***ing computer in future install SentinelOne antivirus. I work here as head of labs. Vitali Kremez Inc. () 2020
Recently, there has been a flurry of new MBRLockers being released that appear to be created ‘fun’ or as part of ‘pranks’ to be played on people.
These MBRLocker variants are being created using a publicly available tool being promoted on YouTube and Discord. BleepingComputer believes that this tool was used to create this MBRLocker to troll both Kremez and MalwareHunterTeam.
Rest assured, though, that MalwareHunterTeam and Vitali Kremez are not invovled in this malware.