Os cibercriminosos criado canal legítimo para a propagação AZORult Trojan

Como especialistas internet de segurança investigados de empresa Benkow, under the guise of legitimate G-Cleaner utility that is used for cleaning of disk space in Windows environment, é compartilhada instalador de malware.

Website that offers fake application, foi detectada no final de Março, Contudo, ele ainda está disponível.

plataforma Criminal olha como recurso de um desenvolvedor de costume e contém a descrição da utilidade, license agreement and other information.

Program creators argue that it designed for removal of temporary files, damaged links and stories of browser’s cleaning.

“Even when you download and run the program, it looks like countless other homemade PC cleaners and states it will scan your computer for junk files and remove them”, — report Benkow researchers.

mesmo assim, after installation on computer, G-Cleaner downloads in %Temp% folder a series of executing objects that are components of AZORult Trojan.

Azorult is a Trojan malware that tries to steal browser’s passwords, FTP clients’ passwords, carteiras criptomoeda, desktop files and many other data.

Malware elements create in memory of targeted system a couple of processes and establish connection with command server. Under its command, Trojan tries coping users’ passwords, cryptocurrency wallets data, cookie files and other confidential information. Collected data is packed in Encrypted.zip archive and is send to command center. After job is finished, AZORult deletes its copy from the disk and tries to eliminate other traces of its activity on computer.

Criminal community actively uses Trojan’s code though it leaked to the Internet in the middle of the last year.

g-cleaner website
G-Cleaner website

In darkweb developed special service that allows generating executive AZORult modules in automatic mode. Intruder have only to indicate address of his command server that will be implemented in malware distributive.

Most often for spreading of data thieves use spam mailing, exploit-packs and other Trojans’ opportunities. Contudo, sometimes cybercriminals invent unusual methods of payload delivery.

“Users should research a site before downloading and installing a program to determine if they have a good reputation and can be trusted. Even then, it is always suggested that you upload the program to a site like VirusTotal to confirm if it’s safe to run”, — advised by information security experts

Fonte: www.bleepingcomputer.com

Sobre Trojan Killer

Carry Trojan Killer portátil em seu memory stick. Certifique-se que você é capaz de ajudar o seu PC resistir a quaisquer ameaças cibernéticas onde quer que vá.

Além disso, verifique

MageCart na Cloud Platform Heroku

Os investigadores encontraram vários MageCart Web Skimmers Em Heroku Cloud Platform

Pesquisadores da Malwarebytes informou sobre encontrar vários skimmers MageCart web na plataforma Heroku nuvem …

Android Spyware CallerSpy

máscaras spyware CallerSpy como uma aplicação de chat Android

Trend Micro especialistas descobriram a CallerSpy malwares, que mascara como uma aplicação de chat Android, …

Deixe uma resposta