On October 15, 2024, CERT-UA detected a cyber threat involving suspicious messages from the Telegram account @reserveplusbot, which promoted "special software" and included a malicious file named "RESERVPLUS.zip". This archive contained an executable that downloaded another malicious file, "install.exe", identified as the MEDUZAS malware. The malware is designed to steal various file types, including documents, PDFs, and databases, and includes a self-removal feature. To evade detection, the malware uses PowerShell commands to exclude its files from Microsoft Defender. CERT-UA has taken technical measures to mitigate the risk, and users are advised to exercise caution when receiving unexpected communications, keep security software up to date, and regularly back up important data.
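The Defender-exclusion step is the most detectable part of the chain described above. As an added example that is not part of the advisory, the Python below flags exclusion changes in constructed Windows event records: Defender configuration-change events (ID 5007) and PowerShell script-block events (ID 4104); the sample records, paths and the "user-writable directory" severity rule are assumptions for illustration.

```python
import re
from typing import Dict, List, Optional

# Constructed sample events (not taken from the advisory): one Defender
# configuration-change event (5007), one PowerShell script-block event (4104)
# that adds an exclusion, and one benign 4104 event as noise.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"channel": "Microsoft-Windows-Windows Defender/Operational", "event_id": "5007",
     "message": ("Windows Defender Antivirus Configuration has changed. "
                 "New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
                 "Paths\\C:\\Users\\user\\AppData\\Local\\Temp\\install.exe = 0x0")},
    {"channel": "Microsoft-Windows-PowerShell/Operational", "event_id": "4104",
     "message": "Add-MpPreference -ExclusionPath 'C:\\Users\\user\\AppData\\Local\\Temp'"},
    {"channel": "Microsoft-Windows-PowerShell/Operational", "event_id": "4104",
     "message": "Get-ChildItem C:\\Users\\user\\Documents"},
]

# Cmdlets that add or replace Defender exclusions from PowerShell.
EXCLUSION_CMDLET = re.compile(
    r"(Add|Set)-MpPreference\b.*-Exclusion(Path|Extension|Process)", re.I)
# Registry value written when an exclusion is added (as reported in event 5007).
EXCLUSION_REGKEY = re.compile(
    r"Windows Defender\\Exclusions\\(Paths|Extensions|Processes)\\(?P<value>[^=]+)", re.I)
# Assumed rule: an exclusion under a user-writable directory is rated high.
SUSPICIOUS_DIRS = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.I)


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a severity-tagged finding for an exclusion change, or None."""
    msg = event["message"]
    if event["event_id"] == "5007":
        m = EXCLUSION_REGKEY.search(msg)
        if m:
            value = m.group("value").strip()
            sev = "high" if SUSPICIOUS_DIRS.search(value) else "medium"
            return f"{sev}: Defender exclusion added via config change: {value}"
    elif event["event_id"] == "4104" and EXCLUSION_CMDLET.search(msg):
        sev = "high" if SUSPICIOUS_DIRS.search(msg) else "medium"
        return f"{sev}: PowerShell added Defender exclusion: {msg}"
    return None


def scan(events: List[Dict[str, str]]) -> List[str]:
    """Run classify() over all events and keep only the findings."""
    return [f for f in (classify(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Both signals rely on logging that is off by default on many hosts: PowerShell script-block logging must be enabled for 4104, and the Defender operational log should be forwarded to the SIEM.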

Learn more: Computer Emergency Response Team of Ukraine