Today I came across a program that claims to be an installer for the VLC media player. Innocent, right? Guess again. For starters, the installation file was different from that supplied by the legitimate VLC media player site.
At Step 3 of the installation I saw this dialog box:
The translation of the message from French is, “HELP US IMPROVE OUR SERVICE. To obtain your activation code call [number removed]. To receive your code in SMS send the keyword CODE to [number removed].” This is a case of SMS fraud!
As usual, we shouldn’t install programs from sources that we don’t trust. In our case, we know from Step 3 of the installation that we’re dealing fraudsters. So why continue with the installation?
We detect this Trojan as Ransom-E, updated in the 5597 DATs.