A new Shamoon 3 sample uploaded to VirusTotal from France

A new sample of the dreaded Shamoon wiper was uploaded on December 23 to the VirusTotal platform from France. The sample attempts to disguise itself as a system optimization tool developed by the Chinese technology company Baidu. The new variant is signed with a digital certificate from Baidu that was issued on March 25, 2015 and expired on March 26, 2016. The sample was packed using the commercial packing tool Enigma version 4. Researchers from Anomali Labs analyzed the latest variant of the wiper and discovered that it uses an image of a burning US Dollar as part of its destructive attack and includes the text "WE WILL TAKE REVENGE ON THE BLOOD AND TEARS OF OUR CHILDREN." In an attempt to deceive victims, the attackers used the internal file name "Baidu PC Faster" and "Baidu WiFi Hotspot Setup" in the description of the file.
