ROME – The launch of the Immuni app, after numerous delays and long discussions, has finally taken place. The application to track the infection arrived yesterday on the Italian digital stores of Apple and Google and some attackers, taking advantage of the general confusion prior to the launch, took the opportunity to trigger a new scam.
The first reports of a “false Immune” date back to a few days ago. The news was provided by the CERT team of the Agency for Digital Italy (AGID). And with the arrival of the instrument the situation emerged from under the surface of the water.
Taking advantage of the expectation of the population, someone put into circulation a malicious executable file named “IMMUNI.exe” inside which the “FuckUnicorn” ransomware is actually hidden. The distribution of the file took place through an email inviting you to click on a bogus site that imitates (even in the domain) that of the Federation of Orders of Italian Pharmacists.
How does it work? – Once executed, the file shows a bogus dashboard that gives a worldwide overview of the contagions from Covid-19. In the meantime, explains CERT-AGID, “the malware encrypts the files on the victim’s Windows system and renames them by assigning the extension” .fuckunicornhtrhrtjrjy “”.
Once the procedure is over, the ransomware shows the user a text file containing the instructions for paying the ransom (quantified at 300 euros, payable in bitcoin) within 3 days to free the encrypted files.