Still missing details on how this qualifies as an APT; this seems nothing more than a basic trojan horse unless Kaspersky is for whatever reason neglecting to talk about whatever persistence mechanisms it has in place beyond the basics (startup entry of some form). Malware explicitly targeting crypto software is scary regardless, however.
Seems like there could be a use for a distributed service that automatically checks the signature of common downloaded executables, especially in the Microsoft world. It's not enough for vendors to simply put the signature on their website.
Since the article mentions nothing about VeraCrypt, I assume VeraCrypt downloads/mirrors for Windows users were unaffected. Does anyone know if this is true?
Personally, the only site I'll trust for downloads of TrueCrypt is GRC (Gibson Research Corporation) in the US: https://www.grc.com/misc/truecrypt/truecrypt.htm