Cybercriminelen gemaakt legitieme kanaal voor verspreiding AZORult Trojan

As investigated Internet-security Specialists from Benkow company, under the guise of legitimate G-Cleaner utility that is used for cleaning of disk space in Windows environment, is shared malware installer.

website that offers fake application, was detected at the end of March, Echter, it is still currently available.

Criminal platform looks as a usual developer’s resource and contains description of utility, license agreement and other information.

Program creators argue that it designed for removal of temporary files, damaged links and stories of browser’s cleaning.

“Even when you download and run the program, it looks like countless other homemade PC cleaners and states it will scan your computer for junk files and remove them”, — report Benkow researchers.

niettemin, after installation on computer, G-Cleaner downloads in %Temp% folder a series of executing objects that are components of Azorult Trojan.

Azorult is a Trojan malware that tries to steal browser’s passwords, FTP clients’ passwords, cryptogeld portefeuilles, desktop files and many other data.

Malware elements create in memory of targeted system a couple of processes and establish connection with command server. Under its command, Trojan tries coping users’ passwords, cryptocurrency wallets data, cookie files and other confidential information. Collected data is packed in Encrypted.zip archive and is send to command center. After job is finished, AZORult deletes its copy from the disk and tries to eliminate other traces of its activity on computer.

Criminal community actively uses Trojan’s code though it leaked to the Internet in the middle of the last year.

g-cleaner website
G-Cleaner website

In darkweb developed special service that allows generating executive AZORult modules in automatic mode. Intruder have only to indicate address of his command server that will be implemented in malware distributive.

Most often for spreading of data thieves use spam mailing, exploit-packs and other Trojans’ opportunities. Echter, sometimes cybercriminals invent unusual methods of payload delivery.

“Users should research a site before downloading and installing a program to determine if they have a good reputation and can be trusted. Even then, it is always suggested that you upload the program to a site like VirusTotal to confirm if it’s safe to run”, — advised by information security experts

Bron: www.bleepingcomputer.com

Over Trojan Killer

Carry Trojan Killer Portable op je memory stick. Zorg ervoor dat u in staat om uw pc te weerstaan ​​elke cyberdreigingen overal mee naar toe bent.

Controleer ook

MageCart op de Heroku Cloud Platform

Onderzoekers vonden verschillende MageCart Web Skimmers Op Heroku Cloud Platform

Onderzoekers van Malwarebytes rapporteerde over het vinden van een aantal MageCart web skimmers op de Heroku cloud-platform …

Android Spyware CallerSpy

CallerSpy spyware maskers als een Android-chat-applicatie

Trend Micro deskundigen ontdekte de malware CallerSpy, waarachter een Android chat-toepassing en, …

Laat een antwoord achter