Ransomware targets Krita art app users
Krita, the professional open source painting program, becomes the latest target of ransomware – but unfortunately, the case here is even worse. Rather than being attacked directly, the app’s name is being used for spreading malware among users. This is done through emails presenting advertising revenue.
The users looking forward to benefiting from the offer are told to register as the app’s partner. These users are sent a link to download the app’s Windows version along with a media pack of assets. The link points towards the domain outside the control of Krita and hosts a ransomware dropper allowing the takeover of the victim’s system and files encryption, demanding a payment to reverse the process.
Warning about the attack, artist Raghavendra Kamath said that some impostors are emailing offers to artists while pretending to be a part of the official Krita team or Foundation.
The project’s maintainers also warned the users that if any mail received from the Krita team has an email address that does not end in krita.org, then they need to be aware that these are scams. They also highlighted that this leads to a ransomware attack.
Philip Hartshorn, an artist and user of the app, also stated that he almost downloaded this as it was a fairly tempting collaboration offer. It’s just that he got a chance to check the Krita Twitter and so was saved from being the victim of the attack
Another issue arises due to the fact that krita.org is the official domain for the software’s distribution. But there is a second domain krita-artists.org that is maintained by the project for its forum.
The first attack reports came nearly a month ago, but currently, there is evidence of its ongoing nature. However, most of the sites used for the attack are no longer responding.
For those who want to download the real Krita are recommended to do so from their official website. They are also advised to delete any emails that offer collaborations.