Ransomware scammers target artists with fake Krita revenue deals
The Krita digital painting application is currently being targeted by ransomware authors. Available on Steam and other platforms, it’s a powerful tool with a very cheap purchase price and great reviews. A perfect bit of bait to start reeling in potential victims, in other words.
Ransomware scammers send out mails to artists. Those mails claim to be from the team behind the Krita tool, and contain links which redirect potential victims to the real domain. This is to make everything look above board and legitimate.
The mails seen so far read as follows:
Hello dear, please give me a moment of your time. Krita team is eager to collaborate with you.
After this follows a generic promo text for the program. They follow this up with:
We would like to consider integrating a 30-45 second ready-made promo into your media space (Facebook, Instagram, Youtube), can we consider that?
Other mails claim that once the registration process is done and dusted, an email address, payment information, and phone number are required. Yes, there’s a bit of data grabbing alongside the malware slinging.
The aim of the game is revenue generation, and this is always going to be an attractive proposition for artists.
Regardless of how the emails present themselves, there’s one common factor. They claim to link to a “mediabank” which contains icons, screenshots and previous video campaigns. The contents are “confidential”, which is a sneaky way to prevent potential victims telling anybody about it.
Some folks have reported the contents of the zip as .scr files masquerading as images/videos.
Any scam which involves images has a good chance of falling back on scr files. It’s a very old technique. Folks unfamiliar with the extension may think it means “screenshot”, especially when they’re opening up zips expecting to see imagery. Sadly, that isn’t what it is. An scr is a screen saver file, and it runs on your system like a program. If it contains bad things, then bad things will be headed your way in an instant.
Tricking visual artists with scr files seems like a particularly cruel trick, whether intentional or not.
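One way to check an archive like this before opening anything in it, as an added example that is not part of the original article: the script lists a zip's contents without extracting them and flags scr (and similar executable) extensions, media extensions used as a decoy in front of them, and the "MZ" header that Windows executables start with. The extension lists, function names and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs as programs; .scr is the one reported in this campaign.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}
# Extensions a "mediabank" of icons, screenshots and videos would plausibly contain.
MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".mov", ".avi"}


def audit_zip(zip_file):
    """Return {member name: [reasons]} for suspicious members, without extracting."""
    findings = {}
    with zipfile.ZipFile(zip_file) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            reasons = []
            if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
                reasons.append("executable extension " + suffixes[-1])
                if any(s in MEDIA_EXTS for s in suffixes[:-1]):
                    reasons.append("media extension used as decoy")
            if not (info.flag_bits & 0x1):  # encrypted members cannot be read here
                with archive.open(info) as member:
                    if member.read(2) == b"MZ":
                        reasons.append("Windows executable header (MZ)")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample archive (harmless bytes only), held in memory."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("mediabank/logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
        archive.writestr("mediabank/promo_video.mp4.scr", b"MZ" + b"\x00" * 62)
        archive.writestr("mediabank/screenshot_01.scr", b"MZ" + b"\x00" * 62)
        archive.writestr("mediabank/readme.txt", b"constructed sample text")
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    for name, reasons in audit_zip(build_sample_zip()).items():
        print(name + ": " + "; ".join(reasons))
```

To check a real download, pass its path to audit_zip() instead of the sample buffer.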
Krita previously reported this as ransomware, and as you can see, the mails are still going strong:
It's a scam. See https://t.co/G7J1cUNXt2. Don't download or install anything. @Krita_Painting will never send you spam or want to "advertise in your media space". Also only https://t.co/pzariwXu8l is legit, all other krita.something domains you get mail from belong to scammers.
They look pretty convincing, which certainly won’t hurt the scammers one bit. If you’re going to trick people who work with visuals, it pays to look as good as possible.
Forward on any dubious messages you receive to the Krita team, and delete the mails afterwards. Don’t trust zip attachments, and give any file with an scr extension a wide berth. Showing file extensions is also helpful, both for this and any other potential attacks generally. It appears a lot of the domains used for these mails are down, but it’s easy enough to put up replacements. Be careful out there!