The Varenyky malware is a brand-new threat, which appears only to target French users. This threat is being propagated via phishing emails. The emails contain an attachment, which is masked as an urgent invoice. Once the user tries to open the attachment, they will trigger the macro-script hidden within it. The threat will then check what is set as default on the compromised host. If the language that will be used is French, the attack will proceed, if it is not the threat will halt its activity.
In case that the default language is French and the unpacking of the malware is successful, the attackers will be able to execute various commands on the infected system, as well as plant additional malware on it. The Varenyky malware is capable of utilizing third-party tools to gather login credentials from Web browsers, as well as email services. The collected data is siphoned to the C&C (Command & Control) server of the operators of the Varenyky malware.
However, the most interesting feature of the Varenyky malware is that it is capable of scanning the screen of the user so that it can detect certain keywords such 'sex,' 'porn,' 'pornhub,' 'xxx,' etc. Then, the Varenyky malware can begin recording the screen that the user is viewing. It is likely that the recorded videos may be used to extort the victim. There is a term coined for this criminal activity – 'sextortion.' Victims are threatened that their engagement in distasteful activities will be revealed to their family and friends unless they pay a ransom.
Remember to be very wary of email attachments from unknown sources. Even if they appear legitimate, it is likely that they may be carrying something, which can cause you a lot of headaches potentially. It is paramount to download and install a reputable anti-malware software suite that will keep your PC safe and will alert you if a threat is attempting to infiltrate your system.