A fake Windows optimization software has been let loose on the Internet. And it is going by the name “Windows-TuneUp”. And why are we telling you about this? Read on.
Windows-TuneUp is a free software that claims to speed up slow computers. But in reality, it is a fake program used by attackers to hide a ransomware called ‘Karma‘. Once installed, Karma scans the user’s computer and begins encrypting all possible file types stored on it. The files that get encrypted are renamed with the extension .karma and this is followed by the display of the ransom note.
How does Karma Ransomware get into your computer?
This incident is associated with a certain pay-per-install (money is generated for every install) software monetization company. If you download a free program that is monetized by this company, you will be greeted by an offer for a free program that claims to optimize your slow computer. This very program is Windows-TuneUp a.k.a the Karma ransomware.
Reportedly, once installed, the program displays a window showing fake performance stats and pretends to optimize the system. It even has a website that looks genuine. And while an unsuspecting user is trying the tool or checking out the website, the ransomware is silently encrypting the files. It is not until the ransom note is flashed does the realization dawn that something is wrong. It’s too late by then!
So, what now?
Every malware works according to certain commands received from a server which is controlled by the attacker. This server is called command and control (C&C) server. The good news, in this case, is the C&C server of Karma is not active anymore. This means, even if anyone downloads this ransomware, they won’t be affected.
However, the lesson to be learned here is…
Karma was not the first ransomware to have been spread in the guise of a free software and it won’t be the last. For all you know, attackers might be crafting other such ransomware as you read this post.
So, we need to be prepared, all the time.
• Avoid downloading free software from shady, unknown or less reputable websites.
• If you are taking the risk of downloading a free software, double check on its safety: Google for its reviews and check if its publisher is verified or not (very important!).
• Before downloading any software, check if it is asking you to install any additional software. Mostly, it is these software that are malicious or potentially harmful.
• Invest in an antivirus software that prevents harmful programs from getting installed on your computer.
If your friends or peers have a habit of installing free software, you may want to share this post with them.
Content reference source: