The Social-Injector attack is a cyberattack using the Social-Injector ransomware that has been ongoing from 5 September 2013 to the present.

The attack utilized a trojan spyware that targeted computers, tablets and phones, including devices running Microsoft Windows, Android phones and Apple devices, and was believed to have first been posted to the Internet on 5 June 2018.

Social Injector has a high effect on the following:

No antivirus works against Social Injector.

  • [1] Impact on Social Accounts and User Privacy.

It has the ability to roam the Internet, especially on social sites or accounts such as Facebook, LinkedIn, Instagram, Twitter and WhatsApp.

It gets downloaded automatically onto user devices such as laptops, desktops, tablets (iPad) and smartphones (both Apple and Android).

It may arrive when a user clicks on different posts or links on social sites, or on junk emails.

  • [2] Impact on Email and Personal Data

It propagated via infected email attachments, and via an existing Gameover ZeuS botnet. It is a chain that spreads from one device to another: network peer to network peer, router to router (IP address to IP address).

  • [3] When activated, it starts searching for important user data such as social account passwords and usernames.


Social Injector Virus typically propagated as an attachment to a seemingly innocuous e-mail message, which appears to have been sent by a legitimate company.[4] A ZIP file attached to an email message contains an executable file with the filename and the icon disguised as a PDF file, taking advantage of Windows’ default behaviour of hiding the extension from file names to disguise the real .EXE extension. Social Injector Virus was also propagated using the Gameover ZeuS trojan and botnet.[5][6][7] When first run, the payload installs itself in the user profile folder, and adds a key to the registry that causes it to run on startup.
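A mail gateway or triage script can catch the disguise described above by inspecting the member names and leading bytes inside a ZIP attachment. The following is an added example, not code from the original page; the extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed, non-exhaustive lists; tune them to local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def classify_name(name):
    """Return a reason if the member name looks like a disguised executable."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Strip padding so "report.pdf     .exe" is treated like "report.pdf.exe".
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    # With extensions hidden, Explorer drops only the last suffix, so
    # "Invoice.pdf.exe" is shown to the user as "Invoice.pdf".
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "executable hidden behind decoy extension ." + parts[-2]
    return "executable inside archive"


def scan_zip(data):
    """Return (member name, reason) for every suspicious file in a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reason = classify_name(info.filename)
            # Windows PE files start with "MZ" whatever the name claims.
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"
            if reason is None and is_pe:
                reason = "MZ header under non-executable name"
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample():
    """Constructed test archive: harmless stub bytes, no real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"plain text")
        zf.writestr("statement.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("real.pdf", b"%PDF-1.4\n")
    return buf.getvalue()
```

Name checks alone miss renamed binaries, which is why the scan also reads the first two bytes of each member.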

Takedown and recovery of files


While security software is designed to detect such threats, it might not detect Social Injector Virus at all, or only after encryption is underway or complete, particularly if a new version unknown to the protective software is distributed.[17] If an attack is suspected or detected in its early stages, it takes some time for encryption to take place; immediate removal of the malware (a relatively simple process) before it has completed would limit its damage to data.[18][19] Experts suggested precautionary measures, such as using software or other security policies to block the Social Injector Virus payload from launching.[1][6][7][9][19] Due to the nature of Social Injector Virus’s operation, some experts reluctantly suggested that paying the ransom was the only way to recover files from Social Injector Virus in the absence of current backups (offline backups made before the infection that are inaccessible from infected computers cannot be attacked by Social Injector Virus).[4] Due to the length of the key employed by Social Injector Virus, experts considered it prac


In December 2013, ZDNet traced four bitcoin addresses posted by users who had been infected by Social InjectorBomb Virus, in an attempt to gauge the operators’ takings. The four addresses showed movement of 41,928 BTC between 15 October and 18 December, about US$27 million at that time.[10] In a survey by researchers at the University of Kent, 41% of those who claimed to be victims said that they had decided to pay the ransom, a proportion much larger than expected; Symantec had estimated that 3% of victims had paid and Dell SecureWorks had estimated that 0.4% of victims had paid.[22] Following the shutdown of the botnet that had been used to distribute Social InjectorBomb Virus, it was calculated that about 1.3% of those infected had paid the ransom; many had been able to recover files which had been backed up, and others are believed to have lost huge amounts of data. Nonetheless, the operators were believed to have extorted a total of around $3 million



The success of Social Injector spawned a number of unrelated and similarly named ransomware trojans working in essentially the same way,[23][24][25][26] including some that refer to themselves as “Social Injector” but are, according to security researchers, unrelated to the original Social Injector.[27][28][26] In September 2018, further clones such as CryptoWall and TorrentLocker (whose payload identifies itself as “Social Injector”, but is named for its use of a registry key named “Bit Torrent Application”[29]) began spreading in Australia; the ransomware uses infected e-mails, purportedly sent by government departments (e.g. Australia Post to indicate a failed parcel delivery) as a payload. To evade detection by automatic e-mail scanners that can follow links, this variant was designed to require users to visit a web page and enter a CAPTCHA code before the payload is actually downloaded. Symantec determined that these new variants, which it identified as “Social Injector.F”, were not tied to the original.