Malicious actors continue to threaten 2-spyware
There are many cybercriminal groups: some are motivated by financial gain, while others pursue completely different goals. CyberWare is one of many gangs that actively takes part in vigilante acts in order to seek justice – seemingly to punish scammers. The gang has taken part in various criminal activities, including DDoS attacks against several websites and organizations. While the group is carrying out a variety of illegal activities, it also has multiple supporters and fans who are willing to defend the gang's actions.
Over the past few months, CyberWare has threatened 2-spyware with DDoS, with the disclosure of allegedly secret information, and even with shutting the website down. As usual, the gang and its supporters have no evidence (apart from faked screenshots) to back their claims, although the gang insists that all its illegal actions are justifiable.
Several forum entries, YouTube videos, and other posts have shown up recently, all of them trying to mislead users into believing that 2-spyware takes part in malware distribution, or that it is connected to the infamous Lajunen Loan company or its members.
Now, cybercriminals went one step further and used the HiddenTear source code in order to create a customized version of file-encrypting malware called “2spyware ransomware.”
YouTube video from “Project Zorgo Leader” and fake anti-malware software
YouTube is filled with fake news, scams, and various know-it-alls. Unfortunately, YouTube does not do a very good job of filtering this bogus content and removing videos that attempt to destroy the reputation of legitimate companies. The platform is also known to fail to take down videos that spread malware through their comments – we have seen this happen with fake Fortnite, Valorant, and other game versions for Android/iOS.
Project Zorgo is a large YouTube channel with over 12 million subscribers – the so-called YouTube hackers create hacking-themed videos for entertainment purposes only, however. Nonetheless, many wannabes use the name for their own purposes, much as the Anonymous name is used.
The “Project Zorgo Leader” channel recently posted a video about 2spyware, which claims that the site distributes “Malware Hunter” software and calls it a scam. Among other videos, its owner has also uploaded videos titled “PZ message to USA government,” “Roblox exploit trolling,” “A Message to This President And To The Next,” and many others.
Without a doubt, such software does not exist, and scammers are once again trying to spread lies about our website.
In the video, the culprit, who uses a voice generator, claims that he saw the source code of the alleged anti-malware software and that it is a scam program designed to deceive users. Once again, no source code and no proof were provided by this fake Anonymous.
2spyware ransomware released to encrypt users' files
Multiple ransomware strains have been developed and released under legitimate names, e.g., PewDiePie, Spyhunter, CSGO, and many others. However, that does not mean that these entities are related to the actual malware, as cybercriminals can name their creations as they please. It is also not uncommon for crooks to pretend to be somebody from the company whose reputation they are trying to ruin.
2spyware ransomware showed up on August 16, 2020, when a sample of the malware was uploaded to the reputable sandbox analysis site AnyRun. Unsurprisingly, the threat actors were incapable of developing their own ransomware and instead relied on the well-established HiddenTear source code, which has been available on GitHub for many years now.
Upon infiltration, the ransomware encrypts all personal files and appends the .2spyware extension to them. It also drops a ransom note, READ_IT.txt, which, unlike the notes of financially motivated malware, consists of further bogus claims about the site:
I'm Julie Splinters, i have my most full of shit.
Sometimes i grow it on our website 2-spyware.com! If you don't pay me 10 billion dollars in 72 hours, i will throw shit on your face. contact me via our website 2-spyware.com, By the way, Ugnius is amnominus hacker team leader Don't try to use REIMAGE, It wont decrypt this. nothing can decrypt this. its made by linas secret scriptcode LINASCODE. And also, kigguolis7code
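As an added example (not code from the article or from the gang), the following Python script sweeps a directory tree for the two file-system indicators described above, files renamed with the .2spyware extension and READ_IT.txt notes that mention the site, and returns a simple triage verdict; the infection threshold and the sample file layout it builds in a temporary directory are assumptions made for the example.

```python
import os
import tempfile
from dataclasses import dataclass, field

RANSOM_EXT = ".2spyware"       # extension appended to encrypted files (from the article)
NOTE_NAME = "READ_IT.txt"      # ransom note filename (from the article)
NOTE_MARKER = "2-spyware.com"  # string the quoted note contains

@dataclass
class SweepResult:
    encrypted: list = field(default_factory=list)  # paths of renamed files
    notes: list = field(default_factory=list)      # paths of matching ransom notes

    def verdict(self, min_files=3):
        # Assumed threshold: several renamed files plus a note = likely infected
        return len(self.encrypted) >= min_files and bool(self.notes)

def sweep(root):
    """Walk `root` and collect the two file-system indicators described above."""
    result = SweepResult()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(RANSOM_EXT):
                result.encrypted.append(path)
            elif name == NOTE_NAME:
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        if NOTE_MARKER in fh.read(4096):
                            result.notes.append(path)
                except OSError:
                    pass  # unreadable note: skip it rather than abort the sweep
    return result

def build_sample_tree():
    """Constructed sample profile: three renamed files, one note, one clean file."""
    root = tempfile.mkdtemp(prefix="sweep_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for original in ("report.docx", "photo.jpg", "notes.txt"):
        with open(os.path.join(docs, original + RANSOM_EXT), "wb") as fh:
            fh.write(b"\x00placeholder-ciphertext")
    with open(os.path.join(docs, NOTE_NAME), "w") as fh:
        fh.write("contact me via our website 2-spyware.com")
    with open(os.path.join(root, "clean.txt"), "w") as fh:
        fh.write("untouched file")
    return root

if __name__ == "__main__":
    print("likely infected:", sweep(build_sample_tree()).verdict())
```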
Once again, please note that malicious actors are systematically trying to portray 2-spyware in a negative light by using its name for malicious purposes. In fact, the threat actors are scammers themselves, as they constantly attempt to provide fake evidence of something that does not exist.