Criminals love to prey on people based on current news topics, and there are few topics right now that are bigger than the 2016 United States presidential election. This can be seen in new malware discovered by MalwareHunterTeam called CIA Election AntiCheat Control - 2016. This computer infection pretends to be a notice from the CIA that requires people to send $50 or their upcoming vote will not count.
When the CIA Election AntiCheat Control malware is installed, it will display the screen above, which states that the CIA and FBI are concerned about voter fraud. In order to combat this, they require everyone to send $50 in the form of a PaySafeCard or their vote will not count in the upcoming 2016 presidential election. This message reads:
CIA Election AntiCheat Control - 2016
Pay within 24 hours or the registered name on your house address election vote will not be valid and will not count as a vote.
This program is sent out to people across America to make sure that nobody is cheating in the 2016 election. CIA and FBI has received numerous reports prooving that citizens of the United States of America is not going to be using fair techniques to gain votes for both presidents.
To verify yourself as a human and to help United States of America to get a new president by fair voting you need to a pay CIA Election Fee(50$)
When the infection starts it will search for the following processes and close them so that a victim cannot use them to learn how to remove the infection.
cleanmgr, cmd, msconfig, control, firefox, filezilla, iexplore, javaw, mbam, MicrosoftEdge, MSASCui, notepad, opera, chrome, RegEdit, Winrar, Spotify, MMC, msinfo32, Taskmgr, wordpad
If a victim falls for this scam and sends a PaySafeCard code, the malware sends a hardware ID, derived from the computer's Processor ID, and the PaySafeCard code to the email address emilyrosefelt0@gmail.com. This can be seen in the source code below.
After sending a payment, the CIA Election AntiCheat Control malware connects to the http://textupload.com/d54g3 webpage and downloads the contents of the page. If the page contains the victim's hardware ID, the program will display a thank you message and uninstall itself.
Though I would hope that everyone would see this as nothing but a scam, history has shown that people actually do believe these types of messages and send payments. If you run into a strange screen on your computer called CIA Election Control, please be aware that this is a scam and should be ignored.
Files associated with the CIA Election AntiCheat Control:
election.exe
Registry entries associated with the CIA Election AntiCheat Control:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Election Cheating Confirmed" = "election.exe"
Network Communication associated with the CIA Election AntiCheat Control:
Email: Emilyrosefelt0@gmail.com
URLs: http://textupload.com/d54g3
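A way to sweep collected `reg query` output for the Run-key indicator listed above, as an added example that is not code from the original article or from the malware. It goes slightly beyond the listed entry by also checking Run keys in other hives and matching on the file name alone; the sample output, including the HKCU entry, is constructed for illustration.

```python
import ntpath
import re

# Indicators from the article's IoC list (compared case-insensitively).
IOC_VALUE_NAME = "election cheating confirmed"
IOC_FILE_NAME = "election.exe"
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}REG_[A-Z_]+ {4}(?P<data>.*)$")
# Constructed sample output; the HKCU entry is a made-up variant, not from the article.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Election Cheating Confirmed    REG_SZ    election.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Users\Public\Election.exe" /background
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group("name"), m.group("data")

def command_image(data):
    """Lower-cased file name of the program a Run value starts."""
    # Quoted path, else unquoted path ending in .exe (may contain spaces), else first token.
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b|(\S+)', data.strip(), re.I)
    if not m:
        return ""
    return ntpath.basename(next(g for g in m.groups() if g)).lower()

def find_hits(text):
    """Return (key, name, data, reasons) for Run values matching either indicator."""
    hits = []
    for key, name, data in parse_reg_query(text):
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        reasons = []
        if name.strip().lower() == IOC_VALUE_NAME:
            reasons.append("value name")
        if command_image(data) == IOC_FILE_NAME:
            reasons.append("file name")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits
```

Pass `find_hits` the text saved from `reg query` against each Run key; a hit on the file name alone is weaker evidence than a hit on the value name and should be reviewed before removal.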
Comments
TheDcoder - 7 years ago
Looks like textupload.com is for sale now...
Bezukhov - 7 years ago
P.T. Barnum would be proud.
BattIefists - 7 years ago
It's very obvious that this is a scam, however thanks for sharing it Lawrence!
vilhavekktesla - 7 years ago
Hi, Lawrence. What I miss from this article. How to defeat it since it monitors so many processes, making it difficult to handle. A regular user does not have a boot disk / cd / usb-pen etc. If I cannot use FF I explode so for me this would not pose a threat. Fear is a very good driver for making people do unwanted choices, so the best defence is to reduce the fear.
Regards
Lawrence Abrams - 7 years ago
Boot into safe mode and you can remove it from the Run entry. It does not start in safe mode.