Krita art app users targeted by ransomware posing as paid 'collaboration' opportunities

2021-09-14 19:27

Krita, an open-source cross-platform digital painting application, has become the latest victim of ransomware - but rather than being attacked directly, its name is being used to spread malware among users via emails offering advertising revenue.

Those looking to take advantage of the "Offer" are asked to "Register as a Krita partner" and sent a link to download the Windows version of the app and a "Media pack" of assets - the link, naturally, pointing to a convincingly named domain outside the control of the Krita project and hosting a ransomware dropper which takes over the victim's system, encrypts their files, and demands payment to reverse the process.

"Some fraudsters are sending mails to artists with offers pretending to be from official Krita team or Foundation," artist Raghavendra Kamath wrote in one of the earliest warnings about the attack.

"If you receive mail pretending to come from the Krita team from an email address that does not end in krita.org, like krita.io or krita.app, please be aware that these mails are scams," the project's maintainers wrote in their own warning on the topic.

"This is a ransomware attack. If you reply, you will get a link to a 'mediabank.zip' file that contains two programs masquerading as videos. There are now also fake installers that you are asked to run. Only download Krita from this website, Steam, Windows Store or Epic Store!".

"I almost downloaded this," wrote artist and Krita user Philip Hartshorn, one of the targets of the ongoing attack, "As it's a fairly convincing collaboration email/offer. I just happened to check the Krita Twitter before I did."

News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/14/krita_users_targeted_by_ransomware/

#ransomware