This week a new Hidden-Tear ransomware appeared that impersonates a Pokemon Go application for Windows and targets Arabic victims.
The ransomware creates a backdoor Windows account, copies its executable to other drives, and creates network shares. The developer also appears not to be finished: the source code contains indications that this is a development version.
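The three behaviours listed above (a new local account, copies of the executable on other drives, new network shares) are all things an administrator can check for directly. The script below is an added triage example written for this page; it is not part of the original post and not derived from the malware's own code. The post does not name the backdoor account, the share, or the dropped file, so the script does not look for specific indicators: it reports any local account outside a baseline list (and any non-built-in member of Administrators), any SMB share that is not a default administrative share, and any executable or autorun.inf at the root of a removable drive. The baseline lists are assumptions to tune for your own estate.

```powershell
# Added triage script, not from the original post or the malware it describes.
# Flags the host-level traces the post attributes to this ransomware:
#   1. an unexpected local (possibly administrative) account
#   2. non-default SMB shares
#   3. executables copied to the root of removable drives
# Requires Windows 8 / Server 2012 or later with PowerShell 5.1+
# (LocalAccounts and SmbShare modules). Run elevated for complete results.

# Assumption: a fresh Windows install has only these local accounts and shares.
$KnownAccounts = @('Administrator', 'Guest', 'DefaultAccount', 'WDAGUtilityAccount')
$KnownShares   = @('ADMIN$', 'C$', 'IPC$', 'print$')

function Get-SuspiciousLocalAccount {
    # Members of Administrators come back as "COMPUTERNAME\user".
    $admins = Get-LocalGroupMember -Group 'Administrators' |
              Select-Object -ExpandProperty Name
    Get-LocalUser | ForEach-Object {
        $isAdmin = $admins -contains "$env:COMPUTERNAME\$($_.Name)"
        if (($KnownAccounts -notcontains $_.Name) -or
            ($isAdmin -and $_.Name -ne 'Administrator')) {
            [pscustomobject]@{
                Check     = 'LocalAccount'
                Name      = $_.Name
                Enabled   = $_.Enabled
                Admin     = $isAdmin
                LastLogon = $_.LastLogon
            }
        }
    }
}

function Get-SuspiciousSmbShare {
    Get-SmbShare | Where-Object { $KnownShares -notcontains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{
                Check       = 'SmbShare'
                Name        = $_.Name
                Path        = $_.Path
                Description = $_.Description
            }
        }
}

function Get-RemovableDriveDropper {
    # DriveType 2 = removable (USB sticks, SD cards). -Force shows hidden files,
    # which is how a dropper and its autorun.inf are usually staged.
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        Get-ChildItem -Path "$($_.DeviceID)\" -Force -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.Extension -in '.exe', '.scr', '.bat', '.cmd', '.vbs') -or
                ($_.Name -ieq 'autorun.inf')
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Check    = 'RemovableDrive'
                    Name     = $_.FullName
                    Size     = $_.Length
                    Modified = $_.LastWriteTime
                    Hidden   = $_.Attributes.HasFlag([IO.FileAttributes]::Hidden)
                }
            }
    }
}

# Usage: run all three checks and print whatever stands out.
Get-SuspiciousLocalAccount
Get-SuspiciousSmbShare
Get-RemovableDriveDropper
```

Anything the script reports still needs a human to decide whether it is legitimate, and a clean result does not prove a host is uninfected; the script only covers the three traces the post describes, not the encryption routine or the ransom note.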
What’s Different About this Ransomware
This Hidden-Tear ransomware is either the cutting edge or the class clown of the malware world. Ransomware is normally built to extract money and leave as few traces as possible. Hidden-Tear behaves like a hybrid: it encrypts files and asks for a ransom, but it also tries to spread on its own, in the way a virus or worm does.
Maybe that’s the start of something new and dangerous. But it’s equally likely this is the work of someone who is taking ideas from all over the place without really understanding their implications.
Malware is, in the end, just software. Anyone who has used software has run into features where they cannot imagine what the developer was thinking. Hidden-Tear may be a malware developer throwing in features because they are possible rather than because they are a good idea.
What Can Users Do to Protect Themselves?
One thing Hidden-Tear does well is play on people’s desires. Malware always needs an angle to get you to click, and few things capture the spirit of the day like Pokemon Go.
With many Arab countries moving to ban or limit the game, malware that offers people a way to play despite government interference is clickbait that is sure to trap some. People need to use common sense here and realize that a mobile app turning up on their PC is too good to be true.
How Successful Can This Ransomware Be?
If we’re going to measure Hidden-Tear as ransomware, then it should be measured in cash. It’s targeting regions where PC users may not have as much disposable income as they do in North America and Europe.
It likely does not have the same professional approach as many Eastern European ransomware operations, which often run what amount to legitimate call centers and, oddly, get high marks from victims for customer service. Without that kind of high-grade money collection system, it is unlikely to grab any huge amount of cash, unless the creator gets very lucky.