
SupportScam:MSIL/Tifine.A


First posted on 05 September 2017.
Source: Microsoft

Aliases :

There are no other names known for SupportScam:MSIL/Tifine.A.

Explanation :

Installation

This support scam creates the following registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SysMon = ""

Payload

Tricks you into calling a fake tech support number

This threat displays a window on your desktop claiming that your PC is infected with malware and that you need to call the tech support number.

Stops or changes running processes in your PC without your consent

The threat then does the following:

  • Blocks mouse and keyboard input
  • Stops the following processes
    • Chrome
    • Firefox
    • Opera
    • IExplore
    • Safari
  • Disables Task Manager
  • Hides Start menu and Taskbar


Connects to a remote host

This threat then contacts the following remote URL to get the malware status:
  • hxxp://trackpressure.website/temptrack/Store


It also creates a .bin file. The file contains the date and time at which the malware was executed on the system.
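A triage check built from the indicators above, as an added example that is not part of Microsoft's write-up: it scans `reg query` output for a `SysMon` value under the HKCU Run key and flags proxy-log lines that reach the listed host. The function names, the proxy log format and the sample inputs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the write-up above (URL kept defanged, as published).
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "SysMon"
IOC_URL_DEFANGED = "hxxp://trackpressure.website/temptrack/Store"

def refang(url):
    """Turn a defanged indicator (hxxp, [.]) back into a matchable URL."""
    return re.sub(r"^hxxp", "http", url, flags=re.I).replace("[.]", ".")

def run_key_hits(reg_query_output):
    """Return (name, data) for SysMon values listed under the HKCU Run key."""
    hits, in_key = [], False
    for line in reg_query_output.splitlines():
        if line and not line[0].isspace():  # unindented line = key header
            in_key = line.strip().lower() == RUN_KEY.lower()
            continue
        m = re.match(r"\s+(.+?)\s+(REG_\w+)(?:\s+(.*))?$", line)
        if in_key and m and m.group(1).lower() == RUN_VALUE_NAME.lower():
            hits.append((m.group(1), (m.group(3) or "").strip()))
    return hits

def proxy_hits(log_lines):
    """Return log lines with a URL on the indicator host or a subdomain."""
    ioc_host = urlsplit(refang(IOC_URL_DEFANGED)).hostname
    hits = []
    for line in log_lines:
        found = re.findall(r"https?://([^/\s:]+)", line, re.I)
        hosts = [h.rsplit("@", 1)[-1].lower() for h in found]
        if any(h == ioc_host or h.endswith("." + ioc_host) for h in hosts):
            hits.append(line)
    return hits

# Constructed sample inputs (not from the page); paths are placeholders.
SAMPLE_REG = "\n".join([RUN_KEY,
    r"    OneDrive    REG_SZ    C:\placeholder\OneDrive.exe /background",
    r"    SysMon    REG_SZ    C:\placeholder\sample.exe",
    r"HKEY_CURRENT_USER\Software\Example",
    r"    SysMon    REG_SZ    unrelated"])
SAMPLE_PROXY = [
    "2017-09-05T10:00:01Z 10.0.0.5 GET http://example.com/index.html 200",
    "2017-09-05T10:00:07Z 10.0.0.5 GET " + refang(IOC_URL_DEFANGED) + " 200",
]

if __name__ == "__main__":
    print(run_key_hits(SAMPLE_REG))
    print(proxy_hits(SAMPLE_PROXY))
```

On a live host the registry text would come from `reg query` run against the Run key shown above, in the affected user's session.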

Last update 05 September 2017

 
