Reveton ransomware received an upgrade with potent password stealing functions, researchers said.
The usual distribution method for the malware is a drive-by download triggered when a victim visits a website that exploits vulnerabilities in the visitor's software, said researchers at security provider Avast. Once a computer is infected, the victim is locked out of it. The ransomware then demands roughly $200 to restore access.
Avast analyzed a version of Reveton that has a module containing the Pony password stealer, which can also steal virtual currency stored on a computer.
Pony can pluck and decrypt encrypted passwords for FTP, VPN and email clients, web browsers and instant messaging programs.
The version of Reveton analyzed by Avast also has another password stealer from the Papras family of malware. It’s not as effective as Pony but can disable security programs, researchers said in a blog post.
One sample of Reveton was pre-programmed to search a web browser's history and cookies to determine whether the user had visited the online banking sites of 17 German banks, the company wrote.
Avast said the developers may have added the capabilities because of falling profits from locking computers to gain ransom money. The developers have “decided to enter into a new black business area,” the researchers said.