New Malware Samples Resemble StrongPity
Infosecurity Magazine | July 17, 2019
Researchers have said with high confidence that the publicly reported adversary dubbed StrongPity has been engaged in an unreported and ongoing malware campaign, according to research from AT&T Alien Labs.
Threat actors are using the new malware and infrastructure to control compromised machines and deploying malicious versions of the WinBox router management software, WinRAR, as well as other trusted software to compromise their targets, researchers said.
“StrongPity was first publicly reported on in October 2016 with details on attacks against users in Belgium and Italy in mid-2016. In this campaign, StrongPity used watering holes to deliver malicious versions of WinRAR and TrueCrypt file encryption software,” researchers wrote in a blog post.
StrongPity was reported on again in 2017 and 2018. New samples that strongly resembled the work of StrongPity were again identified in early July 2019.