Experts antivirus company ESET have found that spyware Win32/Potao able to pretend to be the TrueCrypt application. Potao is loaded into the system using the executable file TrueCrypt.exe and loader were compromised version of the software to encrypt data.

Read more...

Experts antivirus company ESET have found that spyware Win32/Potao able to pretend to be the TrueCrypt application. Potao is loaded into the system using the executable file TrueCrypt.exe and loader were compromised version of the software to encrypt data.

Modification of TrueCrypt was distributed through the site truecryptrussia.ru that this domain name was used as one control server. This may indicate that the site was originally created for the implementation of malicious operations, experts say.

the First malicious modification TrueCrypt containing a backdoor, dated April 2012. They were delivered on a selective basis to certain users, which indicates the focus of attacks. It is noted that in some cases Potao loaded on the PC by another program.