Ghostboard pixel Skip to content

Ransomware Disguised as Open-Source Krita Painting App Promo Video

Ransomware attacks are exponentially increasing. And, the way it gets distributed evolves every day.

One of the most effective ways is by using reputable brand names to lure users into downloading malicious files that may end up encrypting your files and demand a ransom.

And, in this case, some scammers have started using Krita’s name to deceive users through email.

Spreading Malware via Email as Krita Officials

The attackers disguise themselves as the team for Krita, one of the best digital open-source painting app.

The email mentions that Krita wants to collaborate with your YouTube channel or your social media space to share promotional videos about their software/product.

And, they mention that this is a paid advertising campaign, so you think you are getting a reward for promoting Krita.

Here’s how the email looks like (as shared by Krita on Twitter):

Once you show interest in promoting Krita, they send you a follow-up mail instructing you to download a press kit containing screenshots, videos, and other materials.

The link may look similar to the official one like,, etc.

In a detailed video shared by a Twitter user, you can see that the link they share is malicious and sometimes goes undetected by Google’s safe browsing feature:

While I agree that this is not the best attempt to distribute malware, not everyone is as attentive as this user here.

Never Trust an Email Without Proper Verification

It is easy for attackers to send you emails that you expect or something that may spark an interest in your work.

Scammers do their homework to know what you like, but always stay cautious no matter what or who appears to be sending the email.

If an email explicitly asks to enter your personal information, download an attachment, or visit a website to download a file, you need to double-check if it comes from an official source.

Generally, officials do not ask you to download any file or personal information unless you took action first. So, it is always wise to think twice and run a background check for what you interact with via emails.

More from It's FOSS...