Criminals love to to prey on people based on current news topics and there are few topics right now that are bigger than the 2016 United States presidential election.  This can be seen in a new malware discovered by MalwareHunterTeam called CIA Election AntiCheat Control - 2016. This computer infection pretends to be a notice from the CIA that requires people to send $50 or their upcoming vote will not count.

CIA Election AntiCheat Control - 2016
CIA Election AntiCheat Control - 2016

When the CIA Election AntiCheat Control malware is installed it will display the screen above  which states that the CIA and FBI are concerned about voter fraud. In order to combat this they require everyone to send $50 in the form of a PaySafeCard or their vote will not count in the upcoming 2016 presidential election. This message reads:

CIA Election AntiCheat Control - 2016

Pay within 24 hours or the registered name on your house address election vote will not be valid and will not count as a vote.

This program is sent out to people across America to make sure that nobody is cheating in the 2016 election. CIA and FBI has received numerous reports prooving that citizens of the United States of America is not going to be using fair techniques to gain votes for both presidents.

To verify yourself as a human and to help United States of America to get a new president by fair voting you need to a pay CIA Election Fee(50$)

When the infection starts it will search for the following processes and close them so that a victim cannot use them to learn how to remove the infection.

cleanmgr,cmd, msconfig,control,firefox,filezilla,iexplore,javaw,mbam,MicrosoftEdge,MSASCui,notepad,opera,chrome,RegEdit,Winrar,Spotify,MMC,msinfo32,Taskmgr,wordpad

If a victim falls for this scam and sends a PaySafeCard code, the malware send a hardware ID, derived from the computer's Processor ID,  and the PaySafeCard code to the email address emilyrosefelt0@gmail.com.  This can be seen in the source code below.

Send Email

After sending a payment, the CIA Election AntiCheat Control malware connect to the http://textupload.com/d54g3 webpage and download the contents of the page. If the page contains the victim's hardware ID , the program will display a thank you message and uninstall itself.

Payment Accepted
Payment Accepted

Though I would hope that everyone would see this as nothing but a scam, history has shown that people actually do believe these types of messages and send payments. If you run into a strange screen on computer called CIA Election Control, please be aware this is a scam and should be ignored.

Files associated with the CIA Election AntiCheat Control:

election.exe

Registry entries associated with the CIA Election AntiCheat Control:

HKLM\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "Election Cheating Confirmed" = "election.exe"

Network Communication associated with the CIA Election AntiCheat Control:

Email: Emilyrosefelt0@gmail.com
URLs: http://textupload.com/d54g3

 

Related Articles:

New Unfurling Hemlock threat actor floods systems with malware

Snowblind malware abuses Android security feature to bypass security

New Medusa malware variants target Android users in seven countries

FBI warns of fake law firms targeting crypto scam victims

Phoenix UEFI vulnerability impacts hundreds of Intel PC models