Varenyky is a Trojan that uses misleading spam emails to slither in. How does that work? First, the attackers have to come up with a convincing message and a subject line to match it. For example, the subject line can tell you that your order is on its way. Once you open the email, the message inside might inform you that you need to confirm a delivery date or time. This is meant to lead you to an attached document file. If you are pushed into opening it, you are asked to enable macros, and once you do that, the Trojan is silently let into the operating system. Files are immediately created in the %APPDATA% and %TEMP% directories, and malicious processes can start. Unfortunately, if you do not delete Varenyky, the attackers behind it can do terrible things. Therefore, we hope that you can remove the infection and protect your system before anything bad happens.
At the time of research, Varenyky was a threat to French Windows users. For whatever reason, the attackers appear to be operating in France only, but, of course, this is one of those things that could change at any point. The mode of the attack could change as well, but, for now, the Trojan appears to be used in three ways. First, it records data about the system. Second, it tracks users’ activity to see when they visit adult-content websites. Once such a website is visited, the connected cameras are hijacked to take video recordings of the victims. Third, Varenyky appears to be used in mass spam campaigns. As you can see, this Trojan is extremely intrusive, and it could be used to defame unsuspecting victims. The bad news is that the infection is silent, and the victim might not know about its existence for a long time. How did you learn about the attack? Were you informed about it during a system scan that you decided to perform at random? At the end of the day, once you discover the threat, you must remove it quickly.
Although Varenyky records unsuspecting Windows users while they are visiting adult-content websites, and it can send emails that threaten to publish those videos if the recipients do not follow the attackers’ instructions, at the time of research, there was no real connection between the videos and the recipients of the sextortion emails. Unfortunately, Varenyky records real videos of real people, and so it is possible that the attackers could start sending terrorizing messages to the recorded victims. At this time, it is unknown what the purpose of the recorded videos is, but we doubt that the attackers are using them for their own private viewing. They must be planning something big. Unfortunately, at this point, we can only guess what will happen with this malicious threat. In the best-case scenario, it will dissipate, and Windows users will learn how to defend their systems against it. In the worst-case scenario, it will become stronger, and it will start spreading outside of France as well.
The best protection against Varenyky is active anti-malware software. As long as your system is guarded, the chances of facing this Trojan or other infections will be minimal. Of course, no one and nothing can guarantee complete protection, but reliable security software can make a huge difference. You also need to be cautious about the emails you interact with, especially since there are plenty of other threats that can spread using misleading messages with harmless-looking attachments. It is also a good idea to unhook or cover all cameras when they are not in use because you do not want anyone recording you in case malware finds a way in. It is a good idea to install reliable anti-malware software now because it will automatically remove Varenyky. If you are not interested in installing this software (and remember that your overall security might suffer because of it), you will have to remove the infection manually. Although we know where it exists, we cannot name the malicious files because the names are random. Note that if you are not careful, you might end up deleting the wrong files, and that could cause other problems.
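
Because the file names are random, a manual review has to start from location and creation time rather than from a name. The PowerShell script below is an added example, not part of the original article or of any vendor tool: it lists files created recently under %APPDATA% and %TEMP% and shows signature status and SHA-256 for the ones that can run code. The 14-day window and the extension list are assumptions chosen for illustration, and the script only reports, it deletes nothing.

```powershell
# Added triage example (not from the original article). Lists files created
# recently under %APPDATA% and %TEMP% so they can be reviewed by hand.
# Assumptions: the 14-day window and the extension list are illustrative choices.
param(
    [int]$Days = 14,
    [string[]]$Roots = @($env:APPDATA, $env:TEMP)
)

$cutoff = (Get-Date).AddDays(-$Days)
# Extensions that can run code on Windows (assumed list, extend as needed).
$runnable = '.exe', '.dll', '.scr', '.js', '.jse', '.vbs', '.vbe', '.ps1', '.bat', '.cmd', '.lnk'

$findings = foreach ($root in $Roots) {
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            $isRunnable = $runnable -contains $_.Extension.ToLowerInvariant()
            $sig = $null; $hash = $null
            if ($isRunnable) {
                # Signature status and hash give something to check before touching a file.
                $sig  = (Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Status
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
            [pscustomobject]@{
                Created   = $_.CreationTime
                Runnable  = $isRunnable
                Signature = $sig
                SHA256    = $hash
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Path      = $_.FullName
            }
        }
}

# Runnable files first, newest at the top; nothing is deleted.
$findings |
    Sort-Object @{ Expression = 'Runnable'; Descending = $true }, @{ Expression = 'Created'; Descending = $true } |
    Format-Table -AutoSize -Wrap
```

Many legitimate applications also write to these directories, so an entry in this list is a candidate for review, not a confirmed malicious file.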