Cybercriminals create a legitimate-looking channel to spread the AZORult Trojan

According to internet security specialists at the Benkow company, a malware installer is being distributed under the guise of the legitimate G-Cleaner utility, which is used to clean up disk space in Windows environments.

The website offering the fake application was discovered at the end of March; however, it is still available at present.

The criminal platform looks like a typical developer's resource and contains a description of the utility, a license agreement and other information.

The program's creators claim that it is designed to remove temporary files and broken links and to clean browser history.

“Even when you download and run the program, it looks like countless other homemade PC cleaners and states it will scan your computer for junk files and remove them”, the Benkow researchers report.

However, after installation on a computer, G-Cleaner downloads a series of executable files into the %Temp% folder; these are components of the Azorult Trojan.

Azorult is a Trojan that tries to steal browser passwords, FTP client passwords, cryptocurrency wallets, desktop files and much other data.

The malware components create a couple of processes in the memory of the targeted system and establish a connection with the command server. On its command, the Trojan tries to copy users' passwords, cryptocurrency wallet data, cookie files and other confidential information. The collected data is packed into an Encrypted.zip archive and sent to the command center. After the job is finished, AZORult deletes its copy from the disk and tries to eliminate other traces of its activity on the computer.
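As an added example (not from the original article or from the Benkow researchers), the sketch below correlates endpoint file events to detect the chain described above: a binary dropped into %Temp% writes Encrypted.zip and is then deleted. The event schema, host names and file names are constructed, and it assumes the archive is written to disk by one of the dropped components.

```python
import ntpath
from collections import defaultdict

EXEC_EXT = {".exe", ".dll", ".scr"}
TEMP = "\\appdata\\local\\temp\\"   # default per-user %Temp% location

def is_temp_binary(path):
    return TEMP in path.lower() and ntpath.splitext(path)[1].lower() in EXEC_EXT

def find_stealer_chains(events):
    """Return {host: [binaries]} where a binary dropped in %Temp% wrote
    Encrypted.zip and was deleted afterwards, in that order."""
    dropped = defaultdict(set)    # host -> binaries written into %Temp%
    archived = defaultdict(set)   # host -> dropped binaries that wrote Encrypted.zip
    hits = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["time"]):
        host, action = ev["host"], ev["action"]
        path, image = ev["path"].lower(), ev["image"].lower()
        if action == "file_create" and is_temp_binary(path):
            dropped[host].add(path)
        elif (action == "file_create" and image in dropped[host]
              and ntpath.basename(path) == "encrypted.zip"):
            archived[host].add(image)
        elif action == "file_delete" and path in archived[host]:
            hits[host].add(path)
    return {h: sorted(b) for h, b in hits.items()}

# Constructed sample events (hypothetical schema, hosts and file names).
T = r"C:\Users\a\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"time": 1, "host": "WS-01", "action": "file_create",
     "image": r"C:\Users\a\Downloads\installer.exe", "path": T + r"\component1.exe"},
    {"time": 2, "host": "WS-01", "action": "file_create",
     "image": T + r"\component1.exe", "path": T + r"\Encrypted.zip"},
    {"time": 3, "host": "WS-01", "action": "file_delete",
     "image": r"C:\Windows\System32\cmd.exe", "path": T + r"\component1.exe"},
    # Benign: an updater unpacks into %Temp% and cleans up, no archive written.
    {"time": 1, "host": "WS-02", "action": "file_create",
     "image": r"C:\Program Files\App\updater.exe", "path": T + r"\setup.exe"},
    {"time": 2, "host": "WS-02", "action": "file_delete",
     "image": r"C:\Program Files\App\updater.exe", "path": T + r"\setup.exe"},
    # Benign: a user zips files with an installed archiver.
    {"time": 1, "host": "WS-03", "action": "file_create",
     "image": r"C:\Program Files\Zip\zip.exe", "path": r"C:\Users\b\Desktop\Encrypted.zip"},
]

if __name__ == "__main__":
    print(find_stealer_chains(SAMPLE_EVENTS))
```

Requiring all three stages in order keeps ordinary installers and user-created archives from being flagged; each stage on its own is common benign activity.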

The criminal community actively uses the Trojan's code, even though it leaked to the Internet in the middle of last year.

G-Cleaner website

A special service has been developed on the dark web that generates executable AZORult modules automatically. An intruder only has to specify the address of his command server, which is then embedded in the malware distribution.

To spread data stealers, attackers most often use spam mailings, exploit packs and the capabilities of other Trojans. However, cybercriminals sometimes invent unusual methods of payload delivery.

“Users should research a site before downloading and installing a program to determine if they have a good reputation and can be trusted. Even then, it is always suggested that you upload the program to a site like VirusTotal to confirm if it’s safe to run”, information security experts advise.

Source: www.bleepingcomputer.com
