The virus reaches the computer through phishing emails that attackers send in the name of government agencies, often the FSB. The email headings warn users of changes supposedly made to documents or laws.
For example, users received emails with headings such as “Order of the Federal Security Service of the Russian Federation ‘On approval of requirements for tools designed to detect, prevent and eliminate the consequences of computer attacks and respond to computer incidents’”, “Ensuring the national security of the Russian Federation” and the like.
The NCCCI warned that the threat posed by the virus has been identified as critical.
“When the links are clicked, malware modules are loaded onto the victim’s computer. They are protected from launching in a debugger and a virtual environment, collect cryptocurrency wallet addresses, lists of running processes, network connections, a list of USB devices, information about the operating system, etc. The collected data is redirected to resources controlled by attackers,” the agency’s information bulletin states.