New Trojan Targets Skype Users, Takes Screenshots and Intercepts Chat Sessions
Security researchers have discovered a sophisticated backdoor Trojan that targets Skype, capturing audio, video and chat messages; it also takes screenshots and steals files before sending all of the collected data to its remote controller. The Trojan, known as T9000, is an evolution of an earlier backdoor, T5000, which was observed during 2013 and 2014 attacking the automotive sector, human rights activists and several Asia-Pacific governments.
According to researchers at the security company Palo Alto Networks, T9000 has so far been seen only in spear-phishing emails received by U.S. organizations. The Trojan is, however, versatile enough to be used against any target its operator chooses. It compromises PCs through malicious RTF attachments that exploit two vulnerabilities, CVE-2015-1641 and CVE-2012-1856 (both long since patched by Microsoft), to gain a foothold on the victim's machine. Compared with T5000, T9000 is considerably more complex, and the analysts who examined the new backdoor say its owners have gone to great lengths to keep it undetected. Hackread reported this on February 7, 2016.
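Because the initial foothold comes from a booby-trapped RTF, a first triage step for a suspicious attachment is to confirm it really is RTF and to pull out any embedded OLE objects carried in `\objdata` groups, which Word stores as hex text. The following is an added example written for this article, not code from Palo Alto Networks or from the malware; the sample RTF is constructed by hand (the bytes after the OLE2 signature are filler), and the helper names are this example's own. It does not identify T9000 specifically; it only surfaces embedded objects that warrant a closer look.

```python
import re
from typing import Dict, List

# OLE2 compound-file signature; an \objdata blob is an OLE1 "Ole Object"
# wrapper, and the embedded OLE2 stream (if any) sits inside it.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# \objdata is followed by the object bytes as hex text; the hex may be
# broken up by whitespace and ends at the closing brace of the group.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
OBJCLASS_RE = re.compile(rb"\\objclass\s+([^\\{}]+)")

# Constructed sample: minimal RTF carrying one embedded "Package" object.
SAMPLE_RTF = (
    rb"{\rtf1\ansi{\object\objemb{\*\objclass Package}"
    rb"{\*\objdata 0105000002000000 d0cf11e0a1b11ae1 00000000 00000000 "
    rb"3e000300feff0900}}"
    rb"\par Hello}"
)


def is_rtf(data: bytes) -> bool:
    """True if the file starts with the RTF group header."""
    return data.lstrip().startswith(b"{\\rtf")


def extract_objects(data: bytes) -> List[Dict]:
    """Decode every \\objdata group and report what it contains."""
    found = []
    for m in OBJDATA_RE.finditer(data):
        hex_text = re.sub(rb"\s", b"", m.group(1))
        if len(hex_text) % 2:        # stray trailing nibble: drop it
            hex_text = hex_text[:-1]
        blob = bytes.fromhex(hex_text.decode("ascii"))
        # The \objclass for this object normally precedes \objdata closely.
        window = data[max(0, m.start() - 512):m.start()]
        classes = OBJCLASS_RE.findall(window)
        found.append({
            "offset": m.start(),
            "size": len(blob),
            "objclass": classes[-1].strip() if classes else b"",
            "ole2": OLE2_MAGIC in blob,
        })
    return found


def triage(data: bytes) -> Dict:
    """Summarise an attachment: RTF or not, and any embedded objects."""
    objects = extract_objects(data) if is_rtf(data) else []
    return {
        "is_rtf": is_rtf(data),
        "objects": objects,
        # An RTF arriving by email with embedded objects deserves a look.
        "suspicious": bool(objects),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_RTF))
```

Run it over a quarantined attachment by reading the file as bytes and passing it to `triage`; a hit does not prove the document is malicious, but an emailed RTF with embedded OLE objects is exactly the shape of lure described above and should go to a sandbox rather than to the user.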
T9000 also installs itself in several stages. Before each stage the malware checks whether malware-analysis tools are present and whether any of 24 security products is installed, namely DoctorWeb, INCAInternet, Sophos, TrustPortAntivirus, Comodo, Baidu, BitDefender, AVG, GData, Panda, McAfee, VirusChaser, Norton, Kingsoft, Trend Micro, AhnLab, Filseclab, Micropoint, Avira, Tencent, JiangMin, Qihoo 360, Rising and Kaspersky.
A third module, ghnj.dat, poses the greatest risk: it lets the command-and-control server issue instructions to each infected PC, directing T9000 to create, delete or move files and directories, to encrypt data on the host and to copy the contents of the user's clipboard. The Palo Alto researchers describe the author of T9000 as a thorough professional, stating that the backdoor's author has worked hard to evade detection and to frustrate scrutiny by the malware-analysis community.
Earlier, in December 2015, a malware distribution campaign attributed to the same Admin@338 APT group used Dropbox accounts to host its command-and-control servers.
» SPAMfighter News - 2/12/2016