Dharma Creators Use ESET Antivirus Removal Tool to Spread Ransomware

Advancing the infection method, or the code within the ransomware itself, is nothing new. It is a necessity if hackers want to continue infecting victims. However, using a legitimate antivirus tool to trick users into installing the ransomware takes it to the next level.

Hackers Exploit ESET Removal Tool

According to security researchers, the creators of Dharma ransomware, the variant that has infected victims around the globe since 2016, have tied the installation of their ransomware to an antivirus removal tool. The infection begins with a malicious email claiming to be from Microsoft. The message states that the victim’s PC is at risk following some unusual behavior. Due to the potential “corruption”, the victim is urged to “update and verify” their antivirus. Of course, to do so they must click on the (malicious) download link.

If the victim clicks on the link, two files begin to execute. One is the ransomware variant, Dharma, which begins encrypting the files on the PC. The other is the ESET antivirus removal tool, which begins to install at the same time. Although outdated, the antivirus removal tool is a legitimate version and requires the user to follow prompts to complete the installation. The goal is to keep the user focused on installing this tool, distracting them from the malicious activity taking place on the PC in the background.

Once Dharma has encrypted the files, a ransom note is displayed demanding payment in exchange for a decryption key.

To avoid falling victim, users are encouraged to do the following:

  • Due diligence
    • Review the email — Do you know the sender? Are you expecting the email? Are there typos?
  • Deploy a security solution that uses application whitelisting. This will only permit known, trusted files to execute.
  • Ensure all programs and operating systems are updated. This will ensure any known security gaps, which hackers may attempt to exploit, are patched.
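The “review the email” step above can be partly automated. The script below is an added example, not part of the original post, and not a PC Matic or ESET product feature. It applies three checks that map to the lure described in the article: a display name claiming a brand whose domain the sender does not use, a link that points at downloadable executable content over plain HTTP, and the pressure language quoted in the text. The sample message, its sender domain and its URL are constructed for this example and are not indicators from the real campaign; the brand-to-domain table is an assumption a real deployment would replace with its own list.

```python
"""Heuristic review of a phishing-style email (added example, not from the post)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: brands the lure may impersonate and the
# domains they actually send from. A real deployment would maintain this list.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "eset": {"eset.com"},
}

# Pressure phrases taken from the article's description of the lure.
URGENCY_TERMS = ("at risk", "unusual behavior", "corruption", "update and verify")

# Constructed sample modelled on the campaign; domain and URL are placeholders.
SAMPLE_EMAIL = """\
From: Microsoft Security <alerts@ms-security-update.example>
To: victim@example.org
Subject: Unusual behavior detected on your PC
Content-Type: text/plain

Your PC is at risk. We detected unusual behavior and your antivirus may be
subject to corruption. To stay protected, update and verify your
antivirus now: http://ms-security-update.example/av/update.exe
"""

# Constructed benign message used to confirm the checks stay quiet.
CLEAN_EMAIL = """\
From: Microsoft Account Team <account-security-noreply@microsoft.com>
To: user@example.org
Subject: Your monthly account summary
Content-Type: text/plain

Your account summary for this month is available in your account dashboard.
"""


def sender_domain(from_header):
    """Return (display_name, domain) parsed from a From: header."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, domain


def domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def review_email(raw):
    """Return a list of reasons the message looks suspicious (empty if none)."""
    msg = message_from_string(raw)
    findings = []
    name, domain = sender_domain(msg.get("From", ""))
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()

    # 1. Display name claims a brand that the sending domain does not belong to.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and not domain_matches(domain, domains):
            findings.append(f"display name claims '{brand}' but sender domain is {domain}")

    # 2. Links that deliver executable content, or do so over plain HTTP.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        parsed = urlparse(url)
        if parsed.path.lower().endswith((".exe", ".msi", ".zip", ".js")):
            findings.append(f"link to executable content: {url}")
        if parsed.scheme == "http":
            findings.append(f"unencrypted download link: {url}")

    # 3. Pressure language typical of the lure.
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for finding in review_email(SAMPLE_EMAIL):
        print("-", finding)
```

Run against the sample, the script reports the brand/domain mismatch, the executable link, its plain-HTTP transport and the urgency phrases; against the clean message it reports nothing. The checks are deliberately simple: they catch the display-name trick and the download lure the article describes, and they are meant to feed a mail filter or user warning, not to replace sender authentication (SPF, DKIM, DMARC) at the gateway.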


2 thoughts on “Dharma Creators Use ESET Antivirus Removal Tool to Spread Ransomware”

  1. sylvia didonna

    just want to know is my computer safe now or do I have to download, install and run anything and how do I do it

    1. Hi Sylvia, I would encourage you to reach out to our support team to ensure the program is installed, along with SuperShield, and you have scheduled scans set up. This way it is all taken care of for you and you don’t have to worry about manually scanning your computer. You may reach our support staff at http://www.pcmatic.com/help — they are available seven days a week and will be able to assist you further. Thank you!
