Malware Authors Develop Amateurish Threats Based on Mr. Robot

January 4, 2017 2:31 pm David Bisson

Over the past several months, malware authors have developed several amateurish and incompetent threats based on the Mr. Robot TV series.

Each of the creations carries the name “FSociety.” In the TV show, FSociety is a hacker group that launches a series of complex attacks. It does so using social engineering techniques, software exploits, malware, and other methods.

But FSociety’s real-world incarnations have proven to be less than impressive. As security journalist Catalin Cimpanu writes for Bleeping Computer:

“In the real world, almost all malware samples that have used the FSociety name, in one form or another, have failed to impress and some of them have bordered on sheer incompetency.”

Security researchers detected the first known threat based on FSociety back in August. It was based on EDA2, an open-source ransomware building kit that its original developer has abandoned. The FSociety ransomware used a basic encryption algorithm to encrypt a few file types. Perhaps because of that simplicity, we haven’t heard about it since.

Two more ransomware strains followed shortly thereafter. One of them basically replicated the first FSociety-based crypto-malware: it was based on another ransomware (the RemindMe family), flashed for a few days, and then disappeared. The other contained critical flaws that allowed Fortinet’s researchers to develop a decryption tool.

The threats haven’t improved much since then. In late 2016, MalwareHunterTeam discovered a piece of malware known as FSOCIETY SCREEN LOCK. This screen locker adds a binary with different names 26 times to the Startup folder to achieve persistence. But that effort is wasted, for once it infects a user, their computer automatically turns off and bypasses the malware.
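A defender can check for the persistence pattern described above, one binary dropped into the Startup folder under many names, by grouping Startup entries by content hash. The following Python sketch is an added example, not code from MalwareHunterTeam or the original article; it assumes the copies are byte-identical, and the function name and the `min_copies` threshold are hypothetical.

```python
import hashlib
import os
from collections import defaultdict
from pathlib import Path

# Standard per-user and all-users Startup folders on Windows.
STARTUP_DIRS = [
    Path(os.environ.get("APPDATA", "")) / "Microsoft/Windows/Start Menu/Programs/Startup",
    Path(os.environ.get("PROGRAMDATA", "")) / "Microsoft/Windows/Start Menu/Programs/StartUp",
]

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def duplicate_startup_entries(folder, min_copies=3):
    """Return {sha256: [file names]} for content stored under >= min_copies names.

    min_copies is an assumed threshold (hypothetical, tune per environment).
    """
    folder = Path(folder)
    if not folder.is_dir():
        return {}
    by_hash = defaultdict(list)
    for entry in sorted(folder.iterdir()):
        # desktop.ini is a normal Explorer artifact in Startup folders.
        if not entry.is_file() or entry.name.lower() == "desktop.ini":
            continue
        try:
            by_hash[sha256_of(entry)].append(entry.name)
        except OSError:
            continue  # locked or unreadable file: skip rather than abort the scan
    return {digest: names for digest, names in by_hash.items() if len(names) >= min_copies}

if __name__ == "__main__":
    for startup in STARTUP_DIRS:
        for digest, names in duplicate_startup_entries(startup).items():
            print(f"{startup}: {len(names)} identical files ({digest[:16]}...): {names}")
```

A hit is worth triaging because legitimate software rarely places the same file in the Startup folder under several different names.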

MalwareHunterTeam discovered another FSociety-based screen locker at the beginning of 2017. This malware works by disabling access to Windows Explorer and Task Manager. But users can disarm the threat by simply typing in “Senha,” the Portuguese word for “password.”

Malware has many distribution vectors today, but phishing scams remain a preferred avenue among computer criminals. Organizations should therefore focus on educating their employees about phishing attacks, no matter how laughable those campaigns’ payloads are. They can do so with the help of third-party security awareness training software.

Does this solution sound of interest to you?

If so, contact Metacompliance and learn how its anti-phishing simulations can protect your employees against both advanced and amateurish threats.