CashU Virus

By Domesticus in Viruses

Threat Scorecard

Ranking: 126
Threat Level: 20 % (Normal)
Infected Computers: 300,758
First Seen: April 22, 2013
Last Seen: September 20, 2023
OS(es) Affected: Windows

CashU is a legitimate online payment company that is very popular in the Middle East. This company provides a valuable service by allowing computer users in this region to make online payments without needing access to internationally recognized credit cards or websites that may be blocked in this region of the world. Unfortunately, since late 2012 this company's good name has been sullied because of the use of this payment service in a scam commonly referred to as the CashU Virus or CashU scam. The same thing has been happening in Europe with the Ukash money transfer service and in North America with MoneyPak, both online payment services being used by criminals demanding the payment of a ransom in various ransomware schemes. Basically, criminals create Trojan infections that block access to the infected computer. Commonly known as Winlockers, these kinds of infections impersonate the police and are known as Police Ransomware Trojans.

The CashU Virus Target Countries

Police Ransomware Trojans have numerous variants. This is because they tend to target specific regions of the world, and within each region, specific countries. There are Police Ransomware Trojans in Europe with hundreds of variants, each impersonating a specific police association and targeting a specific country. Each ransomware Trojan's message is written in the targeted country's language and with police emblems and insignias insinuating that the country's police are responsible for the malware attack. Police Ransomware Trojans in Europe tend to make victims pay using Ukash, and this is why they are often called 'Ukash Virus". Malware referred to as the CashU Virus are usually Police Ransomware Trojans that target the Middle East since CashU is the main online payment provider for this region. There are dozens of variants, each targeting a specific country, such as Saudi Arabia, Lebanon, and the Kingdom of Jordan.

Dealing with a CashU Virus Infection

CashU Virus variants use an alarming ransom message which claims that the victim's computer was blocked because of illegal activities. They threaten their victims with severe penalties unless a substantial fine is paid using CashU. It is important to remember that paying this fine will not remove the CashU Virus infection. Instead, variants of the CashU Virus should be removed with a tested anti-malware application and an alternate start-up method to bypass their winlocker component and gain access to software on the infected computer.


CashU Virus may call the following URLs:

1 Comment

CashU is a scam. Our money was stolen and we are trying to file a case against them in Jordan and the UAE. They have stolen our money. We advise all merchants not to deal with them or buy cashU cards or Majd Cards.
كاش يو نصابة لقد سرقت أموالنا و نحاول ان نرفع عليهم قضية في الاردن و الامارات لقد سرقوا منا أموالنا ننصح جميع التجار عدم التعامل معهم او شراء بطاقات كاش يو او مجد كارد

Related Posts


Most Viewed