Troldesh Ransomware Dropper
By Luke Leal – Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors.
The malware often uses a PHP file that acts as a delivery tool for downloading the host malware dropper: This type of infected URL is usually spread through malicious emails or through services like social media.
Once a victim clicks the URL and loads it, a JScript file downloads to the victim’s computer. This malware targets Windows OS, which uses JScript: ./Подробности заказа ОАО Авиакомпания Уральские авиалинии.js
The JScript filename is written in Russian and translates to “Details of the order of JSC Airline Ural Airlines”, indicating that attackers may have been attempting to spoof this airline company to trick victims.
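A defensive check for the delivery pattern described above, added here as an example and not taken from the original post: it flags web-proxy records where a .php URL returns a download whose name ends in a Windows Script Host extension, decoding RFC 5987 `filename*` values so that non-ASCII names like the one above are still caught. The record layout, field names, function names and example hosts are constructed assumptions.

```python
import re
from urllib.parse import quote, unquote, urlsplit

# Extensions Windows Script Host runs on double-click (JScript and relatives).
SCRIPT_EXTS = (".js", ".jse", ".wsf")

def attachment_name(content_disposition):
    """Return the download filename from a Content-Disposition value, or None."""
    # RFC 5987 form, used for non-ASCII names: filename*=UTF-8''%D0%9F...
    m = re.search(r"filename\*\s*=\s*([\w-]+)'[^']*'([^;]+)", content_disposition, re.I)
    if m:
        try:
            return unquote(m.group(2).strip(), encoding=m.group(1), errors="replace")
        except LookupError:  # unknown charset label: fall back to UTF-8
            return unquote(m.group(2).strip(), errors="replace")
    # Plain form, quoted or bare: filename="x.js" / filename=x.js
    m = re.search(r'filename\s*=\s*(?:"([^"]*)"|([^;]+))', content_disposition, re.I)
    if not m:
        return None
    return (m.group(1) or m.group(2) or "").strip() or None

def is_php_script_drop(record):
    """True when a .php URL hands the browser a script-host file to download."""
    if not urlsplit(record["url"]).path.lower().endswith(".php"):
        return False
    name = attachment_name(record.get("content_disposition", ""))
    # Windows drops trailing dots and spaces, so "x.js." still lands as "x.js".
    return bool(name) and name.lower().rstrip(". ").endswith(SCRIPT_EXTS)

def find_drops(records):
    return [r["url"] for r in records if is_php_script_drop(r)]

# Filename quoted in the article; everything else below is constructed sample data.
PAGE_FILENAME = "Подробности заказа ОАО Авиакомпания Уральские авиалинии.js"
SAMPLE = [
    {"url": "http://site-a.example/images/get.php?id=1",
     "content_disposition": "attachment; filename*=UTF-8''" + quote(PAGE_FILENAME)},
    {"url": "http://shop.example/invoice.php",
     "content_disposition": 'attachment; filename="invoice.pdf"'},
    {"url": "http://cdn.example/static/app.js", "content_disposition": ""},
    {"url": "http://site-b.example/dl.php",
     "content_disposition": 'attachment; filename="report.JS"'},
]

if __name__ == "__main__":
    for url in find_drops(SAMPLE):
        print("suspicious script download via PHP:", url)
```

Ordinary script includes served from static .js paths are ignored; only the combination of a PHP endpoint and a script-host attachment is reported.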