You know cybersecurity is gaining ground when Hollywood makes a TV show on it. Mr Robot, the critically acclaimed and highly popular TV show, revolves around a mysterious group of hackers, led by an anarchist and paranoid coder. The popularity of the show has reached even real world hackers, who have actually developed a ransomware and named it after the fictional hacktivist group 'fsociety'.
The developers of the fsociety ransomware have also adopted the logo of the fictional hacktivist group. First spotted by MalwareHunter security researcher Michael Gillespie, the ransomware is yet to have infected anyone and is believed to be still under development.
However, fsociety's developers have uploaded the ransomware onto a free online malware archive, possibly to determine if the antivirus would identify it as a malicious file. "It's the first we've ever seen. I'm never seen the show, so I don't know if anything else had a subtle hint. At first I didn't understand why everyone else on the team got super excited when I shared the wallpaper, lol," Gillespie told Motherboard.
According to antivirus firm Avira, the ransomware "is based on EDA2 – the open-source code to create ransomware. It uses the Adobe PDF file icon even though it is an .exe file, after all, it does not want to look suspicious and keep you from clicking on it. Once executed, it will encrypt files using an AES encryption and create a RSA key to decrypt them. So far, it only encrypts a testing folder on the Windows desktop to '.locked' extension files. Last but not least, and as a tribute to Mr Robot, it also changes the desktop background image."
Despite the ransomware still being in the development stage, Avira already detects it "as malware", indicating that although fsociety is currently harmless, it still has the potential to function as a full-fledged ransomware and could possibly be launched in the future.
In the series, the hacker group faces off with an evil corporation. The hackers develop a ransomware to infect and lock out the company from their own systems and demand a ransom.
Although the real-life tribute to the TV show may be proof of how popular the show is even among hackers, it is unclear as to the identity of the hackers behind the ransomware and whether it was created as a mere in-name-only tribute or as a legitimate cyberweapon.