Virobot infects devices and then forces them to spread malware via email.
This new malware isn’t letting any part of an infected computer go to waste.
The Virobot ransomware — spotted Sunday by Trend Micro researchers — doesn’t just lock up infected computers. It also enlists them as part of its massive botnet.
Ransomware is a prevalent tool for cybercriminals. It encrypts all files on victims’ devices, demanding that they pay up if they ever want to use their computers again. Botnets are also common in malware, where hackers take mass control of infected devices and direct them to do their bidding.
The WannaCry ransomware attack in 2017 infected hundreds of thousands of computers around the world, shutting people out of their devices in hospitals, universities and airports. Massive botnets have shown to cause major damage, like when the Mirai botnet caused an internet outage across the US in 2016.
After Virobot encrypts a computer, it sends a ransom note demanding around $520 in bitcoin. While it’s locked up the computer, the malware is also using the device’s Microsoft Outlook to send spam email to the person’s contact list. The email contains a copy of Virobot in the hopes of spreading the malware.
Virobot can’t encrypt any files at the moment because its control server has been taken down.