Hidden Tear
| Hidden Tear | |
|---|---|
| Malware details | |
| Technical name | Ransom.MSIL.Tear |
| Type | Ransomware |
| Subtype | Cryptovirus |
| Classification | Trojan horse |
| Origin | Istanbul, Turkey |
| Authors | Utku Sen |
| Technical details | |
| Platform | Microsoft Windows |
| Written in | C# |
Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows.[1] The original sample was posted to GitHub in August 2015.[2]
When Hidden Tear is activated, it encrypts certain types of files using the symmetric AES algorithm, then sends the symmetric key to the malware's control servers.[3] However, Utku Sen has claimed that "All my malware codes are backdoored on purpose": Hidden Tear has an encryption backdoor, which allows him to crack various samples.[4]