EvilGrab Malware Attacked Computers in Asia-Pacific Region - Trend Micro
Threat analysts at security firm Trend Micro recently highlighted a new malware family, dubbed EvilGrab, which is mainly being used to steal information from infected computers. The malware has been found targeting mainly Chinese (36%) and Japanese (16%) organizations, and 89% of its victims are in the government sector.
Researchers at Trend Micro report that the attackers are spreading the malware through spear-phishing e-mails carrying malicious Microsoft Office documents.
EvilGrab's main components are one executable (.exe) file and two .dll (Dynamic Link Library) files. The .exe file installs the other parts; one of the .dll files is the main backdoor component, which is loaded by the other .dll file. In some cases the .exe file is deleted after installation to cover the malware's tracks.
Once EvilGrab is installed, it starts stealing information. It is named EvilGrab because it is capable of capturing audio and video on the infected system using standard Windows APIs (application programming interfaces).
It can also log keystrokes, take screenshots, and steal stored credentials from Internet Explorer (IE) and Microsoft Outlook. Trend Micro's analysts note that the stolen credentials are uploaded to a server controlled by the attackers.
EvilGrab also behaves differently when it finds certain applications installed. In particular, it is clearly designed to steal information from Tencent QQ, a Chinese instant-messaging (IM) application: it uploads the entire memory used by the QQ process, which may expose the contents of conversations or the user's contact list.
EvilGrab will try to inject itself into the processes of certain security products. If none of those products are present, it injects itself into standard Windows system processes instead. Products from Kaspersky, McAfee and ESET are among those EvilGrab targets for process injection.
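The two behaviours just described, reading a messaging client's memory and injecting a DLL into a security product's process, leave traces a defender can hunt for in endpoint telemetry. The following Python script is an added example written for this article; it is not code from Trend Micro's report or from the malware. It applies two checks to Sysmon-style records: Event ID 7 (image loaded) entries where a DLL loaded into a security-product or core Windows process is unsigned or sits outside the expected directories, and Event ID 10 (process access) entries where some other process opens QQ with PROCESS_VM_READ rights. The process names (avp.exe, mcshield.exe, ekrn.exe, QQ.exe, Outlook.exe), the trusted-directory list and the sample events are assumptions constructed for the example; the report summarised here names no files or paths.

```python
"""Added hunting example: flag the two EvilGrab behaviours described above in
Sysmon-style telemetry.  Event ID 7 = image (DLL) loaded, Event ID 10 = process
access.  All records, process names and paths below are constructed for this
example; nothing here is an indicator from the Trend Micro report."""

from pathlib import PureWindowsPath

# Assumed image names for the security products the article names (Kaspersky,
# McAfee, ESET) plus two common Windows processes used as injection hosts.
INJECTION_TARGETS = {"avp.exe", "mcshield.exe", "ekrn.exe", "explorer.exe", "svchost.exe"}

# Directories from which modules loaded into those processes are expected to come.
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\program files",
    r"c:\program files (x86)",
)

# Clients whose memory the malware reads: QQ per the article, Outlook assumed.
MEMORY_TARGETS = {"qq.exe", "outlook.exe"}

PROCESS_VM_READ = 0x0010  # access right needed by ReadProcessMemory


def _basename(path):
    return PureWindowsPath(path).name.lower()


def _in_trusted_dir(path):
    p = path.lower()
    return any(p.startswith(d + "\\") for d in TRUSTED_DIRS)


def suspicious_image_load(ev):
    """Event ID 7: a module entering a protected process from an unexpected
    place or without a valid signature.  Returns a reason string or None."""
    if _basename(ev["Image"]) not in INJECTION_TARGETS:
        return None
    reasons = []
    if ev.get("SignatureStatus", "").lower() != "valid":
        reasons.append("unsigned or invalid signature")
    if not _in_trusted_dir(ev["ImageLoaded"]):
        reasons.append("loaded from outside trusted directories")
    return "; ".join(reasons) or None


def suspicious_process_access(ev):
    """Event ID 10: another process opening a messaging/mail client with
    PROCESS_VM_READ, the right needed to copy out its memory."""
    target = _basename(ev["TargetImage"])
    if target not in MEMORY_TARGETS:
        return None
    granted = int(ev["GrantedAccess"], 16)
    source = _basename(ev["SourceImage"])
    if not granted & PROCESS_VM_READ or source == target:
        return None
    return f"{source} opened {target} with PROCESS_VM_READ (0x{granted:x})"


def hunt(events):
    """Run both checks over a list of event dicts; return (EventID, reason) pairs."""
    findings = []
    for ev in events:
        if ev["EventID"] == 7:
            reason = suspicious_image_load(ev)
        elif ev["EventID"] == 10:
            reason = suspicious_process_access(ev)
        else:
            reason = None
        if reason:
            findings.append((ev["EventID"], reason))
    return findings


# Constructed sample telemetry (simplified Sysmon fields, not real events).
AV_DIR = r"C:\Program Files (x86)\ExampleAV"
QQ_EXE = r"C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe"
SAMPLE_EVENTS = [
    # Benign: the security product loads its own signed module.
    {"EventID": 7, "Image": AV_DIR + r"\avp.exe",
     "ImageLoaded": AV_DIR + r"\av_core.dll", "SignatureStatus": "Valid"},
    # Suspicious: an unsigned DLL from a temp directory enters the AV process.
    {"EventID": 7, "Image": AV_DIR + r"\avp.exe",
     "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\loader.dll",
     "SignatureStatus": "Unavailable"},
    # Benign: a system DLL loaded into svchost.exe.
    {"EventID": 7, "Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\rpcrt4.dll", "SignatureStatus": "Valid"},
    # Suspicious: code now running inside avp.exe opens QQ with VM_READ.
    {"EventID": 10, "SourceImage": AV_DIR + r"\avp.exe",
     "TargetImage": QQ_EXE, "GrantedAccess": "0x1410"},
    # Benign: QQ opening a handle to itself.
    {"EventID": 10, "SourceImage": QQ_EXE, "TargetImage": QQ_EXE,
     "GrantedAccess": "0x1fffff"},
]

if __name__ == "__main__":
    for event_id, reason in hunt(SAMPLE_EVENTS):
        print(f"Event {event_id}: {reason}")
```

Note that in the sample the memory read comes from avp.exe itself: because EvilGrab runs inside the security product's process, allowlisting security products as benign sources of process access would hide exactly this behaviour. And since the dropper may delete itself after installation, telemetry of this kind may be the only evidence left once the .exe is gone.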
The malware also has backdoor capabilities that let an attacker run a wide range of commands on the affected machine, giving them complete control over a system infected with EvilGrab.
Security experts advise scanning the system with reputable anti-virus software to remove the malware.
SPAMfighter News - 04-10-2013