AbcLinuxu portal, 26 July 2025 02:32
> The malware uses the script language implemented in WinRAR to automatically unpack the content of the archive into the user’s temporary files directory and execute the “chrome.exe” file contained in the archive.
> chrome.exe, ffmpegsumo.dll, icudtl.dat, rundll32.exe, msgbox.vbs

So at least the current attack vector is Windows only.
> “chrome” contains a copy of the GPL license agreement.

Heh, I demand the source code!
> The malware also offers to decrypt a single file to demonstrate that the malware author has the capability to reverse the decryption.

I would laugh hard if the C&C server had no bounds checking.
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.