Fake copyright infringement warnings used to distribute ransomware



Technical writers review products independently. To help support our mission, we may earn affiliate commissions from the links contained on this page.

Recently Techlicious received a handful of posts in our comments section claiming that one of our images violated copyright. We take copyright very seriously, so these posts immediately caught my attention. But what I found could have been a lot worse – there was no copyright issue, it was a trick to trick us into installing a ransomware Trojan that could have disrupted our business significantly.

Fortunately, I know very well how to recognize malware and scams in general. But it would be easy for someone who is not technically sophisticated to be fooled by these hackers and put their company’s systems at risk.

Here are some sample posts we received in Techlicious comments [with Google Site URL removed]:


My name is Jessica.

Your website or a website hosted by your business infringes copyrighted images that I own.

Check out this document with links to my images you used on www.techlicious.com and my previous posts for proof of my copyright.

Download it now and check it out for yourself:


I believe you have willfully violated my rights under 17 USC Section 101 et seq. and could be liable for legal damages of up to $ 150,000, in accordance with section 504 (c) (2) of the Digital Millennium Copyright Act (“DMCA”).

This letter is an official notification. I request the removal of the infringing material referenced above. Please note that as a service provider, the Digital Millennium Copyright Act requires you to remove or disable access to infringing material upon receipt of this notice. If you do not stop using the above copyrighted material, legal action will be taken against you.

I have a good faith belief that use of the copyrighted material described above as allegedly infringed is not authorized by the copyright owner, its agent, or the law.

I swear, under penalty of perjury, that the information in the notice is accurate and that I am the copyright owner or authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Best regards,
Jessica martin



This is Melangelle and I am a graduate photographer and illustrator.

I was taken aback, to put it mildly, when I came across my images on your website. If you use a copyrighted image without an owner’s permission, you should be aware that you could be sued by the owner.

It is not legal to use stolen images and it is so nasty!

Check out this document with links to my images you used on www.techlicious.com and my previous posts for proof of my legal copyright.

Download it now and check it out for yourself:


If you do not remove the images mentioned in the above file in the next few days, I will let your host know that my copyright has been seriously infringed and that I am trying to protect my intellectual property.

And if that doesn’t help you believe me, I’ll take it to court! And I won’t give you any further notice.

At first glance, this sounds pretty scary and is likely to cause many site owners to click on the link to learn more about the details of the charge. When you do, you will receive a web page with a link to file your “Proof of Copyright Infringement”.

In the version of the scam we received, the download is a .zip file that contains a javascript (.js) file called “Copyright Infringement Evidence.js”. I executed the file through Virus Total and it came back as a backdoor Trojan – identified as js.Trojan.Cryxos.5779 and JS / Kryptik.BXN – which can be used to install ransomware and others. malicious programs. Only 8 of Virus Total’s 61 malware scanning engines detected it (BitDefender, Emsisoft, eScan, ESET-NOD32, FireEye, GData, MAX, NANO-Antivirus), which means it currently has strong chances of getting through most malware protections.

Screenshot of Virus Total scan results from Copyright Infringement Evidence.zip file showing only 8 of 61 scan engines recognizing ransomware: BitDefender, Emsisoft, eScan, ESET-NOD32, FireEye, GData, MAX, NANO- Anti-virus

[EDITOR’S NOTE 8/12/2021: recent versions of this attack sent in by users are even more effective at evading antimalware protection. One sample was only picked up by a single vendor, NANO-Antivirus, a Russian-based antimalware organization, as Trojan.Script.Heuristic-js.iacgm. See: https://www.virustotal.com/gui/file/f2eeebca7c5d232cb4dce3698339a587ae6dc7cc98906d86573fe09a196ed95e/detection]

Although this ransomware attack was directed at Techlicious via site comments, I can easily see the same method of attack attempted via email [EDITOR’S NOTE 5/13/21: readers are reporting in the comments below that the hackers are submitting these attacks through site Contact Us forms, as well.]. So, it is an important reminder to be especially careful when downloading files from third parties or unknown sites, and never attempt to open a file with a .js or .exe extension unless you are familiar with it. exactly what it is and where it came from. To learn more, read our 5 tips to protect yourself against ransomware. You can also report the malware page to Google’s malware reporting tool.

If you have received a similar message (on your site or via email), please post it in the comments below. [with the malware URL and any contact information redacted] so others will find it when searching on Google and avoid the risk of compromising their systems.

[Updated 5/25/2021 with information on Google malware reporting]

[Image credit: Smartphone on keyboard via BigStock Photo, screenshots via Techlicious]

Josh Kirschner is the co-founder of Techlicious and has been covering consumer tech for over a decade. Prior to founding Techlicious, he was Marketing Director for Inform Technologies, a start-up provider of semantic technology to media companies. Prior to Inform, Josh was Senior Vice President and General Manager in the financial services industry. Josh started his first business while still in college, a student-focused consumer electronics retailer.


Leave A Reply

Your email address will not be published.