Stresspaint (also known as the Relieve Stress Paint Tool malware) is a recently reported threat, and security researchers warn that it is a sophisticated one. It is distributed through professional-looking channels, steals user credentials and personally identifiable information, and the stolen accounts could be used to run deceptive advertising campaigns.
Many free programs look innocent while hiding malicious features. For instance, over 56 apps in the Google Play Store spread the GhostTeam malware, and the Judy malware was likewise distributed through seemingly harmless Android apps. Such stories are not rare.
Specialists identify Stresspaint as an information stealer hidden inside a seemingly harmless application called Relieve Stress Paint. At one point an ad for the program appeared among the results Google returned for search queries. The application was advertised as follows:
“Relieve Stress Paint. Download, It’s free. Relieve fatigue, long-term work pressure! Improve your work needs for your brain, it’s the most important! Inspirational ideas. Music production, graphics production, documentation! When these lose their inspiration, open it and move around…”
Stresspaint malware is delivered with the Relieve Stress Paint Tool and targets Facebook and Amazon users
While the Relieve Stress Paint Tool could pass for an entertainment program, it carries the Stresspaint malware. According to reports, the threat was detected on 19 April 2018, and within a couple of days it had already been installed on more than 45,000 computers. Its creators specifically target Facebook and Amazon users, and the infection aims to steal data from Facebook accounts.
After the Relieve Stress Paint Tool is installed, the advertised drawing features do work. However, the program also runs the Stresspaint malware: the DX.exe file is the main module, and update.dll is the component that steals passwords, cookies and other data. The malware copies the login and cookie databases from Chrome (the browser keeps saved passwords in its "Login Data" SQLite file and cookies in its "Cookies" file) and stores the copies in dedicated folders.
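The Chrome database theft described above leaves a trace that can be hunted for on disk: copies of the "Login Data" and "Cookies" SQLite files sitting somewhere other than the browser profile. The script below is an added example written for this page, not code from the malware or from the researchers who analysed it. It assumes only the public layout of Chrome's profile (a "Login Data" file with a `logins` table and a "Cookies" file with a `cookies` table); the stash folder name and the sample rows it builds are constructed for the demo, not taken from the Stresspaint analysis.

```python
"""Hunt for copies of Chrome credential databases outside the browser profile.

Added example for this page, not code from the Stresspaint sample or the
researchers who analysed it. The only facts it relies on are Chrome's public
schema: saved passwords live in a SQLite file with a "logins" table, cookies
in one with a "cookies" table. The profile and stash directories in demo()
are constructed in a temp dir so the script runs offline.
"""
import os
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"
# Table name -> finding label. Only these two tables matter for this hunt.
SUSPECT_TABLES = {"logins": "chrome-login-data", "cookies": "chrome-cookies"}


def is_sqlite(path):
    """Header check so only real SQLite files are opened."""
    try:
        with open(path, "rb") as fh:
            return fh.read(16) == SQLITE_MAGIC
    except OSError:
        return False


def classify_db(path):
    """Return a label if the SQLite file carries a Chrome credential schema, else None."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"  # read-only: never alter evidence
    try:
        con = sqlite3.connect(uri, uri=True)
        try:
            rows = con.execute(
                "SELECT name FROM sqlite_master WHERE type='table'").fetchall()
        finally:
            con.close()
    except sqlite3.DatabaseError:
        return None
    tables = {r[0] for r in rows}
    for table, label in SUSPECT_TABLES.items():
        if table in tables:
            return label
    return None


def under(path, parent):
    """True if path is parent or lies inside it."""
    path, parent = os.path.abspath(path), os.path.abspath(parent)
    return path == parent or path.startswith(parent + os.sep)


def hunt(root, allowed_dirs):
    """Walk root and return (path, label) for credential DBs outside allowed_dirs."""
    findings = []
    for dirpath, _, files in os.walk(root):
        if any(under(dirpath, a) for a in allowed_dirs):
            continue  # the browser's own profile is the one place these belong
        for name in files:
            path = os.path.join(dirpath, name)
            if is_sqlite(path):
                label = classify_db(path)
                if label:
                    findings.append((path, label))
    return findings


def make_chrome_like_db(path, table):
    """Create a minimal SQLite file with the named Chrome table (constructed sample data)."""
    con = sqlite3.connect(path)
    if table == "logins":
        con.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT, password_value BLOB)")
        con.execute("INSERT INTO logins VALUES ('https://www.facebook.com/', 'alice', X'00')")
    else:
        con.execute("CREATE TABLE cookies (host_key TEXT, name TEXT, encrypted_value BLOB)")
        con.execute("INSERT INTO cookies VALUES ('.amazon.com', 'session-id', X'00')")
    con.commit()
    con.close()


def demo():
    """Build a fake profile plus a stealer-style stash; return the labels the hunt flags."""
    root = tempfile.mkdtemp(prefix="stresspaint_hunt_")
    profile = os.path.join(root, "Chrome", "User Data", "Default")
    stash = os.path.join(root, "Temp", "stash")  # hypothetical drop folder, not from the analysis
    os.makedirs(profile)
    os.makedirs(stash)
    # Legitimate location: must not be flagged.
    make_chrome_like_db(os.path.join(profile, "Login Data"), "logins")
    make_chrome_like_db(os.path.join(profile, "Cookies"), "cookies")
    # Copies under an unrelated folder, as a stealer would leave them: must be flagged.
    make_chrome_like_db(os.path.join(stash, "ld.db"), "logins")
    make_chrome_like_db(os.path.join(stash, "ck.db"), "cookies")
    # An unrelated SQLite file and a plain text file: must not be flagged.
    con = sqlite3.connect(os.path.join(stash, "notes.db"))
    con.execute("CREATE TABLE notes (body TEXT)")
    con.commit()
    con.close()
    with open(os.path.join(stash, "readme.txt"), "w") as fh:
        fh.write("not a database\n")
    return sorted(label for _, label in hunt(root, [profile]))


if __name__ == "__main__":
    print(demo())
```

On a real machine you would point `hunt()` at a user's home directory (or a mounted disk image) and pass the actual Chrome profile directory as the allowed location; matching on the table schema rather than the file name matters because a stealer is free to rename the copies it makes.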
Once collected, the data is sent to a remote C&C panel. Researchers found sections in the panel specifically designed to store Facebook and Amazon information, and since tens of thousands of Facebook accounts were compromised, details about those accounts ended up in the attackers' panel. Do not assume that such activity would immediately be caught by anti-virus programs: Stresspaint uses stealth techniques to remain undetected, so while it steals information, its victims have no idea that their passwords have been compromised.
The download link for the Relieve Stress Paint Tool was also disguised behind an AOL.com address. After clicking it, users were redirected through other websites assuring them that the drawing tool would be highly beneficial to stressed people. Google has since marked the tool's main website, Picc.com, as harmful ("This site may harm your computer"). If you see such a label next to a link, do not open that website.
How is this sophisticated Stresspaint malware spread over the Internet?
Researchers say the Stresspaint malware may also be advertised through spam. If you receive emails urging you to download a Relieve Stress Paint Tool, ignore them. And since Facebook users are targeted, deceptive posts or private messages may also be circulating to push people into installing the software.
Since Stresspaint was developed by professionals, we encourage victims to remove it with anti-malware tools. Simply run a scan and Spyhunter will do the rest of the work for you. Because your credentials may have been stolen, change your passwords as soon as possible, and do it from a clean device: changing them on the still-infected machine would hand the new ones to the attackers. Since the malware also copies cookies, log out of all active Facebook and Amazon sessions after changing the password so that stolen session cookies stop working. Your banking details could also have been transferred to the attackers, so keep an eye on your bank account and contact your bank if you notice any unknown activity.
Automatic Malware removal tools