A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds.
Screenlockers are malware programs that display a lock screen when logging into Windows so that you cannot access the Windows desktop or interact with your installed programs and files.
This new screenlocker is called ‘CoronaLocker’ and was discovered by security researcher Max Kersten last week after a friend became infected by a program named ‘wifihacker.exe’.
When installed, the malware will extract numerous VBS files and a batch file that, when used together, create an annoying screenlocker functionality.
One of the VBS files called ‘speakwh.vbs’ uses speech synthesis to say “corona virus” over and over to be annoying.
Once installed, the computer will reboot, and upon restart, users will be shown a lock screen stating “you are infected of corona virus” with a contact email of firstname.lastname@example.org.
When a user logs into Windows, they will be shown a lock screen with an email address of email@example.com. The good news is that you can type vb and press the OK button to get past this screen and launch your Windows desktop.
Unfortunately, the malware creates a variety of Registry settings that prevent the Task Manager and Run commands from working, the Desktop icons are hidden, Start Menu is disabled, and more.
To see what Registry entries have been modified, you can see Kersten’s blog post.
It is not known how this malware is being distributed, but I would not be surprised to find out it was through YouTube videos or on Discord.
For those who want to see this whole annoying mess in action, you can watch the video below.
Re-Blogged from : SourcePosted on