The malicious element opens a backdoor for cybercriminals
Users who want to install a Thanksgiving Day screensaver to help them get into the holiday spirit are advised to be careful where they download it from since a malicious software masquerading as one is making the rounds.Sophos experts have come across a screensaver called “Thanksgiving Day.scr” that appears to be harmless at first sight. However, while the user is viewing a holiday slideshow, in the background, the malware connects to a server and attempts to download malicious code.
Besides opening a backdoor to allow the attacker to gain control of the infected computer, the threat also drops a DLL file called ssheay.dll, which poses as an Add-in for Outlook.
Then, a new registry entry is created to ensure that the malware (Troj/DwnLdr-KJW) is executed each time the computer starts.
Beware of emails and social media posts that advertise such screensavers. It’s likely that, in the upcoming hours, this particular campaign will intensify.