A campaign of computer viruses invests Italy in the hours in which the Immuni app is about to be made available on digital stores. To make it known with a notice Agid-Cert, the government security structure. The virus is called FuckUnicorn and spreads a ransomware (a virus that takes devices hostage and then asks for a ransom) under the pretext of downloading a file called Immune. It spreads through an email inviting you to click on a fake site that imitates that of Fofi, the Federation of Orders of Italian Pharmacists. The news was reported by Ansa.
The domain name chosen to clone the site - explains Agid-Cert in the communication of 25 May - it is similar to the real one, with the letter "l" instead of the "i" (from fofi to fofl). The ransomware downloadable from the fake site is renamed "IMMUNI.exe", once performed it shows a fake control panel with the results of the contamination from Covid-19. In the meantime, the malware encrypts the files on the victim's Windows system and renames them by assigning the extension “.fuckunicornhtrhrtjrjy”. Finally, show the classic text file with ransom instructions: the payment of 300 euros in bitcoins to free the encrypted files. The Cert-Agid explains that it has "already alerted the relevant sectors".