Cyberkriminelle skabt legitime kanal for spredning AZORult Trojan

Som undersøgte Internet-sikkerhed specialister fra Benkow selskab, under the guise of legitimate G-Cleaner utility that is used for cleaning of disk space in Windows environment, deles malware installatør.

Website that offers fake application, blev opdaget i slutningen af ​​marts, imidlertid, det er stadig aktuelt tilgængelige.

Criminal platform ser ud som en sædvanlig udviklers ressource og indeholder beskrivelse af ledningsnet, license agreement and other information.

Program creators argue that it designed for removal of temporary files, damaged links and stories of browser’s cleaning.

“Even when you download and run the program, it looks like countless other homemade PC cleaners and states it will scan your computer for junk files and remove them”, — report Benkow researchers.

alligevel, after installation on computer, G-Cleaner downloads in %Temp% folder a series of executing objects that are components of AZORult Trojan.

Azorult is a Trojan malware that tries to steal browser’s passwords, FTP clients’ passwords, cryptocurrency tegnebøger, desktop files and many other data.

Malware elements create in memory of targeted system a couple of processes and establish connection with command server. Under its command, Trojan tries coping users’ passwords, cryptocurrency wallets data, cookie files and other confidential information. Collected data is packed in Encrypted.zip archive and is send to command center. After job is finished, AZORult deletes its copy from the disk and tries to eliminate other traces of its activity on computer.

Criminal community actively uses Trojan’s code though it leaked to the Internet in the middle of the last year.

g-cleaner website
G-Cleaner website

In darkweb developed special service that allows generating executive AZORult modules in automatic mode. Intruder have only to indicate address of his command server that will be implemented in malware distributive.

Most often for spreading of data thieves use spam mailing, exploit-packs and other Trojans’ opportunities. imidlertid, sometimes cybercriminals invent unusual methods of payload delivery.

“Users should research a site before downloading and installing a program to determine if they have a good reputation and can be trusted. Even then, it is always suggested that you upload the program to a site like VirusTotal to confirm if it’s safe to run”, — advised by information security experts

Kilde: www.bleepingcomputer.com

Om Trojan Killer

Carry Trojan Killer Portable på din memory stick. Vær sikker på, at du er i stand til at hjælpe din pc modstå eventuelle cyber trusler, hvor du går.

Tjek også

MageCart på Heroku Cloud Platform

Forskere har fundet flere MageCart Web Forplove On Heroku Cloud Platform

Forskere ved Malwarebytes rapporteret om at finde flere MageCart web skummere på Heroku cloud-platform …

Android Spyware CallerSpy

CallerSpy spyware masker som en Android chat applikation

Trend Micro eksperter opdagede malware CallerSpy, hvilke masker som en Android chat program og, …

Efterlad et Svar