Los cibercriminales crean canal legítimo para la propagación de Troya AZORult

Como investigados Especialistas en seguridad de Internet de la empresa Benkow, under the guise of legitimate G-Cleaner utility that is used for cleaning of disk space in Windows environment, es compartida instalador de software malicioso.

Website that offers fake application, se detectó a finales de marzo, sin embargo, todavía está disponible actualmente.

plataforma penal se ve como un recurso habitual de un desarrollador y contiene la descripción de la utilidad, license agreement and other information.

Program creators argue that it designed for removal of temporary files, damaged links and stories of browser’s cleaning.

“Even when you download and run the program, it looks like countless other homemade PC cleaners and states it will scan your computer for junk files and remove them”, — report Benkow researchers.

sin embargo, after installation on computer, G-Cleaner downloads in %Temp% folder a series of executing objects that are components of AZORult de Troya.

Azorult is a Trojan malware that tries to steal browser’s passwords, FTP clients’ passwords, carteras criptomoneda, desktop files and many other data.

Malware elements create in memory of targeted system a couple of processes and establish connection with command server. Under its command, Trojan tries coping users’ passwords, cryptocurrency wallets data, cookie files and other confidential information. Collected data is packed in Encrypted.zip archive and is send to command center. After job is finished, AZORult deletes its copy from the disk and tries to eliminate other traces of its activity on computer.

Criminal community actively uses Trojan’s code though it leaked to the Internet in the middle of the last year.

g-cleaner website
G-Cleaner website

In darkweb developed special service that allows generating executive AZORult modules in automatic mode. Intruder have only to indicate address of his command server that will be implemented in malware distributive.

Most often for spreading of data thieves use spam mailing, exploit-packs and other Trojans’ opportunities. sin embargo, sometimes cybercriminals invent unusual methods of payload delivery.

“Users should research a site before downloading and installing a program to determine if they have a good reputation and can be trusted. Even then, it is always suggested that you upload the program to a site like VirusTotal to confirm if it’s safe to run”, — advised by information security experts

Fuente: www.bleepingcomputer.com

Acerca de Trojan Killer

Trojan Killer llevar portátil en su dispositivo de memoria. Asegúrese de que usted es capaz de ayudar a su PC resistir cualquier amenaza cibernética donde quiera que vaya.

también puedes ver

MageCart en la plataforma de nube Heroku

Los investigadores encontraron Varios MageCart Web skimmers En Heroku Cloud Platform

Investigadores de Malwarebytes informaron sobre la búsqueda de varios skimmers MageCart web en la plataforma de nube Heroku …

Android Spyware CallerSpy

máscaras spyware CallerSpy como una aplicación de chat Android

expertos de Trend Micro descubrieron que el malware CallerSpy, que enmascara como una aplicación de chat y Android, …

Deja una respuesta