Redpill

By ZulaZuza in Spyware

Redpill is a spyware infection distributed primarily through an email spam campaign. Once installed, it can harvest highly sensitive information from the infected computer: email messages, documents and other files stored on disk, online banking details, credit card numbers, and passwords for social media and webmail accounts, among other data. Because of this, Redpill is considered a severe threat to a computer's security and should be removed as soon as you suspect that your computer has been compromised. Redpill was originally designed for individuals who suspected their romantic partners of cheating and wanted to monitor their partner's online activity. Criminals have since built on Redpill's original functions to turn it into a highly effective spy Trojan that claims thousands of new victims each month. Recently, Redpill made headlines because of a widespread wave of infections in India that resulted in millions of dollars in stolen data and damages.

How Redpill is Distributed

Redpill is usually delivered as a file attachment to a spam email message. The message itself uses social engineering tactics to entice the recipient into opening the attachment. When the attachment is executed, the user is shown an error message claiming that the data in the file is corrupted. This is only a distraction: while the fake error is displayed, Redpill installs itself in the background.

While the victim is looking at the fake error message, Redpill modifies the Windows Registry so that it is loaded automatically whenever the infected computer starts up (the "RPSP" value under the HKEY_LOCAL_MACHINE Run key listed in the Registry Details section). Redpill also drops its files onto the victim's hard drive and changes system settings in ways that make the infection harder to detect and remove. As soon as it is installed, Redpill begins stealing information and sending it to an email address used by the attackers. In a single month, that address received more than twelve thousand email messages from computers infected with Redpill, which indicates the extent of the campaign.

File System Details

Redpill may create the following files:
1. %ProgramFiles%\RPSP\RpspExport.exe
2. %Windir%\Installer\[RANDOM NAME].msi
3. %ProgramFiles%\RPSP\AdvSetup.exe
4. %ProgramFiles%\RPSP\RPSPStart.exe
5. %ProgramFiles%\RPSP\Rpkbhk.DLL
6. %ProgramFiles%\RPSP\Rpsserv32.exe
7. C:\Documents and Settings\\Application Data\RPSP\Data\[USER NAME]\[DATE]\[RANDOM NAME].rsc
8. C:\Documents and Settings\\Desktop\Red Pill Spy Setup.lnk
9. C:\Documents and Settings\\Application Data\RPSP\rpsp.log
10. %ProgramFiles%\RPSP\RPSP.chm

Registry Details

Redpill may create the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\%ProgramFiles%\RPSP\RPSPStart.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\%ProgramFiles%\RPSP\Rpsserv32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"RPSP" = "%ProgramFiles%\RPSP\Rpsserv32.exe"
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\%ProgramFiles%\RPSP\RpspExport.exe
%ProgramFiles%\[RANDOM CHARACTERS FOLDER NAME]\ad.dll (a dropped file listed here by the source; it is a file path, not a registry key)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B4F26C1-701A-441F-9DB3-700BD94454AF}
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\%ProgramFiles%\RPSP\AdvSetup.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\%ProgramFiles%\RPSP\Rpkbhk.dll
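To check a host for the start-up persistence described above and for the file and registry artifacts listed in the File System Details and Registry Details sections, here is a read-only PowerShell hunt script. It is an added example, not code from the original page or from the Redpill authors. It uses only the paths, file names and key names the page lists; the Uninstall GUID, the "RPSP" Run value and the Rpsserv32 process name are taken directly from those lists. It assumes PowerShell 3.0 or later (for the -Directory and -File switches) run from an elevated prompt so that every loaded user hive under HKEY_USERS can be read, and it matches the Installer\Assemblies subkeys loosely on "RPSP" because Windows typically stores those path names with "|" in place of "\".

```powershell
# Added example: hunt for Redpill/RPSP artifacts on a live Windows host.
# Read-only: nothing is deleted or changed. Run from an elevated prompt.
$findings = @()

# 1. Persistence: the "RPSP" value under the HKLM Run key (loads Rpsserv32.exe at start-up).
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['RPSP']) {
    $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$runKey\RPSP"; Value = $run.RPSP }
}

# 2. Installer footprint: the Uninstall key with the GUID listed on the page.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B4F26C1-701A-441F-9DB3-700BD94454AF}'
if (Test-Path $uninstall) {
    $u = Get-ItemProperty -Path $uninstall
    $findings += [pscustomobject]@{ Type = 'Registry'; Location = $uninstall; Value = $u.DisplayName }
}

# 3. Per-user Installer\Assemblies keys that reference the RPSP binaries.
#    Walk every loaded hive under HKEY_USERS, not just HKCU of the current user.
foreach ($hive in (Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue)) {
    $asm = "Registry::$($hive.Name)\Software\Microsoft\Installer\Assemblies"
    if (Test-Path $asm) {
        Get-ChildItem $asm -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like '*RPSP*' } |
            ForEach-Object { $findings += [pscustomobject]@{ Type = 'Registry'; Location = $_.Name; Value = '' } }
    }
}

# 4. Dropped binaries in %ProgramFiles%\RPSP (also the 32-bit folder on x64 hosts).
$pfDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$rpspFiles = 'RpspExport.exe', 'AdvSetup.exe', 'RPSPStart.exe', 'Rpkbhk.DLL', 'Rpsserv32.exe', 'RPSP.chm'
foreach ($pf in $pfDirs) {
    foreach ($f in $rpspFiles) {
        $path = Join-Path (Join-Path $pf 'RPSP') $f
        if (Test-Path $path) {
            $fi = Get-Item $path
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Value = $fi.LastWriteTime }
        }
    }
}

# 5. Per-profile data: Application Data\RPSP (rpsp.log and .rsc capture files) and the desktop shortcut.
#    Covers the XP-era "Documents and Settings" layout from the page and the Vista+ "Users" layout.
$profileRoots = @("$env:SystemDrive\Documents and Settings", "$env:SystemDrive\Users") | Where-Object { Test-Path $_ }
foreach ($root in $profileRoots) {
    foreach ($profile in (Get-ChildItem $root -Directory -ErrorAction SilentlyContinue)) {
        $dataDirs = @(
            (Join-Path $profile.FullName 'Application Data\RPSP'),
            (Join-Path $profile.FullName 'AppData\Roaming\RPSP')
        )
        foreach ($d in $dataDirs) {
            if (Test-Path $d) {
                Get-ChildItem $d -Recurse -File -ErrorAction SilentlyContinue |
                    Where-Object { $_.Name -eq 'rpsp.log' -or $_.Extension -eq '.rsc' } |
                    ForEach-Object { $findings += [pscustomobject]@{ Type = 'File'; Location = $_.FullName; Value = $_.Length } }
            }
        }
        $lnk = Join-Path $profile.FullName 'Desktop\Red Pill Spy Setup.lnk'
        if (Test-Path $lnk) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $lnk; Value = '' }
        }
    }
}

# 6. Resident process: Rpsserv32.exe running in memory.
Get-Process -Name 'Rpsserv32' -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += [pscustomobject]@{ Type = 'Process'; Location = $_.Path; Value = $_.Id }
}

if ($findings.Count -eq 0) { 'No RPSP artifacts found.' } else { $findings | Format-Table -AutoSize }
```

A hit on the Run value or the running process alone is enough to treat the host as infected; the .rsc files under Application Data\RPSP\Data are worth preserving before any cleanup, since they are the captured data the page says is exfiltrated by email and show what was exposed.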
