Beware: Karma ransomware cloaks itself as helpful utility program

by Radu Tyrsina
Radu Tyrsina
Radu Tyrsina
CEO & Founder
Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of... read more
Affiliate Disclosure

A new ransomware agent has been discovered by a security researcher posing as a utility program. The ransomware disguises itself as a helpful program called Windows TuneUp. Users are drawn and persuaded to download the program under the guise of a tool that will help boost their PC’s performance.

Upon installation, though, the ransomware known as Karma will take effect, scanning the user’s computer to determine whether or not the PC it landed on is a virtual machine or not. If it is, Karma will cease operations. However, if it’s not a virtual machine, Karma will proceed to infect the PC and all the files it contains.

The ransomware manages to do this by connecting to the computer’s command and control server. If it is successful, user security will be completely compromised as Karma will scan every nook and cranny to retrieve encryption keys, followed by a series of its own encryptions. It will contaminate and encrypt files by the hundreds, and the respective files will be marked with a .karma extension.

It has also been discovered that Karma uses an ad system where advertisers can pay those behind Karma for every installation Karma pulls, as the ransomware comes with a series of free software “gifted” to users.

The saving grace is the fact that Karma doesn’t have a command and control server to connect to anymore. This means that while users might have gotten off easy with Karma, the threat is as real as ever and users should be extra cautious when downloading anything from the internet, especially when the offer seems too good to pass because that’s when most of the times, they probably should.


This article covers:Topics: