Rare Trojan virus was hidden in some Windows 10 ISO images
Be cautious when downloading Win10 ISO images, as some have been tampered with by hackers using a rare attack method.
News on June 16: many netizens who download and install Windows systems are used to finding ISO images on the Internet.
However, this habit has also been targeted by hackers with ulterior motives. By planting Trojan viruses in ISO images, they steal users' digital assets, and ordinary people easily fall for it.
Security vendor Doctor Web recently discovered a problem with a client's Windows 10 computer, which had been infected with a Trojan called Clipper and other malicious programs.
It is understood that the Clipper Trojan replaces the cryptocurrency e-wallet URL on the user's device with a server URL controlled by the attacker, thereby stealing the user's property.
The ISO image downloaded by this customer was not Microsoft’s original version of Win10 Pro 22H2, but was downloaded through a P2P network. Little did they know that malicious programs had been implanted from the very beginning.
Moreover, the attack method of this Trojan is very rare. It creates an EFI disk partition (EFI partition) in Windows, loads an injection program, and then uses process hollowing to implant the Trojan into the normal system process Lsaiso.exe, in order to avoid being detected by security software.
After taking control of the normal process, Clipper also monitors whether the user has installed security software. If there is none, it steals information while the user is using the e-wallet, replaces it with a server controlled by the hackers, and finally steals property.
This kind of attack is very rare, but fortunately the hackers did not steal much: only $19,000.
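Because the injection described above hides inside the genuine Lsaiso.exe, checking the file path alone is not enough; the process's parent is the more useful signal. The following is an added detection example, not code from Doctor Web or from the original article. It assumes process-creation events with `Image` and `ParentImage` fields (modeled on Sysmon Event ID 1), a Windows install on `C:`, and the baseline that Lsaiso.exe is normally started by wininit.exe; all sample events and the loader path are constructed.

```python
import json
import ntpath

# Baseline assumed by this example: the genuine Lsaiso.exe lives in System32
# and is started by wininit.exe.
EXPECTED_IMAGE = r"c:\windows\system32\lsaiso.exe"
EXPECTED_PARENT = r"c:\windows\system32\wininit.exe"

# Constructed sample events, one JSON object per line (not real telemetry).
SAMPLE_EVENTS = r'''
{"Host": "pc-01", "ProcessId": 812, "Image": "C:\\Windows\\System32\\lsaiso.exe", "ParentImage": "C:\\Windows\\System32\\wininit.exe"}
{"Host": "pc-02", "ProcessId": 4412, "Image": "C:\\Windows\\System32\\Lsaiso.exe", "ParentImage": "C:\\Users\\Public\\example_loader.exe"}
{"Host": "pc-03", "ProcessId": 5120, "Image": "C:\\ProgramData\\lsaiso.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"Host": "pc-01", "ProcessId": 6001, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
'''

def check_event(ev):
    """Return the reasons an lsaiso.exe event deviates from the baseline.
    An empty list means the event is fine or is not about lsaiso.exe."""
    image = ev.get("Image", "").lower()
    parent = ev.get("ParentImage", "").lower()
    if ntpath.basename(image) != "lsaiso.exe":
        return []
    reasons = []
    if image != EXPECTED_IMAGE:
        reasons.append("lsaiso.exe running from unexpected path: " + image)
    if parent != EXPECTED_PARENT:
        reasons.append("unexpected parent: " + (parent or "<missing>"))
    return reasons

def scan(text):
    """Scan JSON-lines events and return (host, pid, reasons) per finding."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            findings.append((None, None, ["unparseable event"]))
            continue
        reasons = check_event(ev)
        if reasons:
            findings.append((ev.get("Host"), ev.get("ProcessId"), reasons))
    return findings

if __name__ == "__main__":
    for host, pid, reasons in scan(SAMPLE_EVENTS):
        print(host, pid, "; ".join(reasons))
```

On machines where Credential Guard is not enabled, any running Lsaiso.exe is worth a look, since the process is normally present only when that feature is on.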
