Security home

 

Home / malwarePDF  

SupportScam:MSIL/Tifine.A


First posted on 05 September 2017.
Source: Microsoft

Aliases :

There are no other names known for SupportScam:MSIL/Tifine.A.

Explanation :

Installation

This support scam creates the following registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SysMon = ""

Payload

Tricks you into calling a fake tech support number

This threat displays the following window on your desktop, showing that you are infected with a malware and that you need to call the tech support number:

Stops or changes running processes in your PC without your consent

The threat then does the following:

  • Blocks mouse and keyboard input
  • Stops the following processes
    • Chrome
    • Firefox
    • Opera
    • IExplore
    • Safari
  • Disables Task Manager
  • Hides Start menu and Taskbar


Connects to a remote host

This threat then contacts the following remote URL to get the malware status:
  • hxxp://trackpressure.website/temptrack/Store


It also creates a .bin file. The contents of this .bin file is the date and time when this malware is executed in the system.

Last update 05 September 2017

 

TOP

Malware :

Family: