What is popcorn malware

Popcorn Time: Infect two others and get your data back

New versions of Locky and Cerber, but also the targeted attack with Goldeneye, have caused fear of crypto Trojans again in recent weeks. Now a new scam has been added with Popcorn Time: Anyone who finds two more victims for the Trojan gets their own data released.

Referrer to clear the data

The experts at MailwareHunterTeams have discovered a new crypto Trojan that gives victims the opportunity to unlock their own data in two ways. The first variant is the well-known option of a ransom. Payment is made with a personal ID and is paid in Bitcoin. For 1 Bitcoin, the equivalent of around 740 euros, the victim then receives the corresponding decryption code.

As an alternative, the victim can also spread the malware further, for this purpose the software provides a personalized URL. If the user infects two new victims by spreading them, the data should also be unlocked with the help of the decryption code.

Next ransomware on the table: Popcorn Time.
Not yet finished.
4th screenshot, "Why we do that?" part. Okay ... @ [email protected]/JHbOjJt7Gb

- MalwareHunterTeam (@malwrhunterteam) December 7, 2016

Trojans still under development

The Popcorn Time Trojan does not currently seem to offer the full range of functions. The code shows that in the future the Trojan should completely delete the encrypted data even after a certain period of time. In addition, the referrer URLs are currently also without function, which means that further dissemination via this route is not yet possible. In view of the rapid development of the crypto Trojans, it is only a matter of time before the functionality of Popcorn Time is expanded accordingly.

Syrian students are said to be behind the Trojan, who want to use the extorted money to rebuild their country and to provide the population with basic medical and food supplies. To what extent this statement corresponds to the truth cannot currently be clarified.

  • Daniel Kurbjuhn email
    ... has been strengthening the ComputerBase newsroom since January 2015. He feels at home in many areas of IT.