Strongpity, a new version of the malware terrorizes notepads: what to do to prevent the attack on your PC.

Date: 2021-12-11

The single most important step to avoid a virus attack on your PC is to always download software from the official sites. Many people do not follow this advice, as the wide spread of the StrongPity malware shows. Researchers at Minerva Labs found that a new variant is hidden in the installer of the popular Notepad++ application, distributed through third-party sites. Let’s find out what it is all about.

Strongpity, the new version of the malware

StrongPity is a group of cybercriminals active since 2012 that adds backdoors to legitimate software used by specific targets, a technique known as a watering hole attack. Kaspersky discovered in 2016 that the malware had been hidden in WinRAR and TrueCrypt installers, downloaded mainly in Italy and Belgium. Cybercriminals now appear to be taking advantage of the popularity of Notepad++. The attack takes place in three main stages. The victim downloads and installs the bogus software, which even uses the original icon. The WindowsData directory is then created at C:\ProgramData\Microsoft. Three files are then copied.

During the installation procedure the last two files also run in the background. The winpickr.exe file creates a new service, PickerSrv, which runs when the operating system starts and in turn launches the ntuis32.exe file. The keylogger then starts saving keystrokes in various hidden files with the .tbl extension. These are copied to the C:\ProgramData\Microsoft\WindowsData directory and subsequently sent to a remote server. Fortunately, StrongPity is detected by almost all antivirus products. To avoid problems of this type, it is recommended not to download software from unofficial sites. The most recent version (8.1.9.3) of Notepad++ can in fact be downloaded from the developer’s website.
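As an added defensive example that is not part of the original article, the following PowerShell triage script checks a Windows host for the indicators described above (the PickerSrv service, the WindowsData drop directory, hidden .tbl files, and the winpickr.exe / ntuis32.exe processes). The function name and output format are my own; only the indicator values come from the article.

```powershell
# Added example: read-only triage for the StrongPity indicators named in the article.
# Assumed: function name and output layout are my own; indicator values are the article's.
function Get-StrongPityIndicators {
    [CmdletBinding()]
    param(
        [string]$DropDir = 'C:\ProgramData\Microsoft\WindowsData'
    )

    $findings = @()

    # 1. Persistence: the installer registers a service named PickerSrv.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='PickerSrv'" -ErrorAction SilentlyContinue
    if ($svc) {
        $findings += [pscustomobject]@{
            Indicator = 'Service PickerSrv'
            Detail    = "State=$($svc.State) Start=$($svc.StartMode) Path=$($svc.PathName)"
        }
    }

    # 2. Drop directory created under ProgramData.
    if (Test-Path -LiteralPath $DropDir) {
        $findings += [pscustomobject]@{ Indicator = 'Drop directory'; Detail = $DropDir }

        # 3. Keylogger output: hidden *.tbl files (-Force makes hidden files visible).
        Get-ChildItem -LiteralPath $DropDir -Filter '*.tbl' -Force -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $findings += [pscustomobject]@{
                    Indicator = 'Hidden .tbl keylog file'
                    Detail    = "$($_.FullName) ($($_.Length) bytes, modified $($_.LastWriteTime))"
                }
            }
    }

    # 4. Running components: winpickr.exe (service) and ntuis32.exe (keylogger).
    Get-Process -Name 'winpickr', 'ntuis32' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Indicator = "Process $($_.ProcessName).exe"
                Detail    = "PID=$($_.Id) Path=$($_.Path)"
            }
        }

    return $findings
}

# Usage: an empty table means none of the described indicators were found on this host.
Get-StrongPityIndicators | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so that service paths and process image paths are readable.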