Hackers are using Trump’s image to spread ransomware

Malware featuring images of President Trump has been used to freeze computers of unsuspecting supporters.

Cisco Talos, a threat intelligence firm, noticed an uptick in ransomware with political themes. The malware included pictures of politicians like Trump, Hillary Clinton, and Russian President Vladimir Putin.

In a blog post about the ransomware, the firm wrote, “In many cases, it is clear that the authors of these applications were motivated by their political beliefs, which were reflected in the software that they created.”

Most of the ransomware stemmed from fraudulent emails appearing to be from banks or other contacts. One sample included a downloadable document titled “Trump administration economic indicators on China investments.” Another example prompted users to click a “Build the wall!” button.

When opened, the malware launches a screenlocker, which removes icons from the screen and makes it appear as though the data on the system has been seized.

“These steps are performed in an attempt to make exiting the application difficult for victims and maximizes the likelihood of a successful ransom payment,” Talos noted.

A full-screen image depicting the political figure takes over the screen, something the malware creators called the “Trump Screen of Death.” According to the director of Talos outreach, Craig Williams, using political themes is effective because people will “click because their opinion on the matter is so strong.”

Williams said most of the political malware was not actually successful: “If you clicked on the screen, the locker was removed, and the system appeared to operate normally.”

Talos noted that, although most of these were unsuccessful, they did contain malicious capabilities.

“What started as a regular task of analyzing a malspam campaign led us to find hundreds of politically charged pieces of software that at least had indications of malicious capabilities, even if in the end, some were not,” they wrote.

Talos noted that most Advanced Malware Protections would protect devices against such attacks.
