A new scam that uses a piece of malware called Citadel redirects users to a scam site that installs scareware on their machines and demands a $100 payment to unlock them, FBI officials said.
The twist in this scam is it uses the threat of prosecution by the Department of Justice as the prompt to get victims to pay.
The malware is part of a drive-by download attack used to install the scareware on users’ machines. The attack is not much different from others seen over the past few years: the infection begins with the user visiting a malicious site. Typically, the site then uses an exploit against a vulnerability in the user’s browser, and that exploit installs the scareware program.
In some cases, scareware will then tell the user the computer has some piece of malware and offers to remove it for a fee, of course. In this particular case, the scareware hangs the victim’s machine and says the user has violated U.S. law and faces potential prosecution.
To unlock the computer, the user has to pay a $100 fine to the U.S. Department of Justice using prepaid money card services. The geographic location of the user’s IP address determines which payment service is presented. In addition to the ransomware, the Citadel malware remains active on the compromised computer and can go on to commit online banking and credit card fraud.
Scareware is one of the more common attack vectors on the Web these days, and it has been effective for several years now. Adding in the element of a threat of prosecution by the federal government brings it up a notch.