
This malware will take screenshots, steal your passwords and files - and drain your cryptocurrency wallet


tao


'SquirtDanger' is distributed to users to deploy as they see fit - and attacks have been carried out around the world.

 

A new strain of malware lets attackers take screenshots, steal passwords, download files and even steal the contents of cryptocurrency wallets.

 

Named 'SquirtDanger' after a dynamic-link library (DLL) file consistently served by its distribution servers, the malware is written in C# and has multiple layers of embedded code. On an infected PC it runs its tasks every minute in order to hand the attacker as much information as possible.

 

Uncovered by Palo Alto Networks Unit 42 researchers, the malware has infected individuals and organisations around the world, including a Turkish university, an African telecommunications company and a Singaporean internet service provider.

 

Because SquirtDanger is for sale to anyone who wants to buy it, no specific industry is being targeted. But those who do opt to use it have a large box of malicious tricks at their disposal.

 

Attackers gain access to a wide variety of functions through the malware, including taking screenshots, sending, downloading and deleting files, and stealing passwords. Other functions include swiping directory information and potentially taking the contents of cryptocurrency wallets by swapping wallet addresses found on the clipboard, a tactic similar to that used by the ComboJack malware.

 

"Being infected with any type of malware represents significant danger to an individual or victim, however, because of the large list of capabilities this malware family includes, it would certainly be very bad for the victim," Josh Grunzweig, senior malware researcher in the Unit 42 team at Palo Alto Networks, told ZDNet.

 

As a form of commodity malware, it is up to the criminal who buys it how the malicious software is delivered to victims. However, researchers said one of the most commonly observed delivery methods has been trojanised software downloads.

 

Given how potent the malware is, it might be expected to be the work of an organised cybercriminal gang, but Unit 42 has traced the development of the malicious application to a single author.

 

"It represents the work of an individual who has developed malware for quite some time, and is familiar with both malware development, as well as the current trends on the criminal underground," said Grunzweig.

 

The researchers say the developer is based in Russia and has been active on global underground markets for many years.

 

In total, researchers have uncovered 1,277 unique SquirtDanger samples across a number of campaigns, tied to 119 unique C2 servers that were geographically dispersed but with hubs in France, the Netherlands, French Guinea and Russia. However, these figures might not represent the whole picture.

 

"There is always the possibility that many more malware samples from this family may exist in the wild," said Grunzweig.

 


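The wallet-swapping tactic described in the article works by replacing a wallet address that is sitting on the clipboard with one the attacker controls, so the victim pastes the wrong destination into a transaction. The Python below is an added example, not code from the article, from ZDNet or from Unit 42, and it does not touch the real clipboard: it models the swap on a simulated clipboard string, validates Bitcoin addresses by decoding Base58Check and verifying the double-SHA256 checksum, recognises Ethereum addresses by format, and shows the check a user-side tool can make before a paste is accepted, comparing what was copied with what the clipboard now holds. The genesis Bitcoin address is real; the all-zero address is constructed in the block; `simulate_hijacked_clipboard` is a hypothetical model of the behaviour the article describes, not the malware's code.

```python
"""Detecting clipboard wallet-address swapping (added example, not from the article).

Scenario (constructed): the user copies address A, malware silently replaces the
clipboard with attacker address B, and the user pastes B into a payment form.
Comparing the copied value with the value at paste time catches the swap.
"""
import hashlib
import re
from typing import Optional

# Base58 alphabet used by legacy (P2PKH/P2SH) Bitcoin addresses.
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    """First four bytes of SHA256(SHA256(payload)), as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(payload: bytes) -> str:
    """Encode version byte + 20-byte hash into a Base58Check address string."""
    raw = payload + _checksum(payload)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = _B58[rem] + out
    # Each leading zero byte is represented by a leading '1' character.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58check_decode(addr: str) -> Optional[bytes]:
    """Return the 21-byte payload if the checksum verifies, otherwise None."""
    n = 0
    for ch in addr:
        idx = _B58.find(ch)
        if idx < 0:
            return None  # character outside the alphabet
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + body
    if len(raw) != 25:
        return None  # version(1) + hash160(20) + checksum(4)
    payload, checksum = raw[:-4], raw[-4:]
    if _checksum(payload) != checksum:
        return None
    return payload


def is_btc_address(s: str) -> bool:
    return b58check_decode(s) is not None


def is_eth_address(s: str) -> bool:
    # Format check only; EIP-55 mixed-case checksum is not verified here.
    return re.fullmatch(r"0x[0-9a-fA-F]{40}", s) is not None


def looks_like_wallet_address(s: str) -> bool:
    return is_btc_address(s) or is_eth_address(s)


def simulate_hijacked_clipboard(contents: str, attacker_addr: str) -> str:
    """Hypothetical model of the swap: a wallet address on the clipboard is
    replaced with the attacker's address; anything else is left untouched."""
    return attacker_addr if looks_like_wallet_address(contents) else contents


def check_paste(copied: str, clipboard_now: str) -> str:
    """Verdict for a paste: 'ok' if unchanged, 'swapped' if one wallet address
    was replaced by another valid one, 'changed' for any other modification."""
    if clipboard_now == copied:
        return "ok"
    if looks_like_wallet_address(copied) and looks_like_wallet_address(clipboard_now):
        return "swapped"
    return "changed"


# Constructed demo values: the real Bitcoin genesis address and an all-zero address.
GENESIS_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
ATTACKER_ADDR = b58check_encode(b"\x00" + bytes(20))

if __name__ == "__main__":
    clipboard = simulate_hijacked_clipboard(GENESIS_ADDR, ATTACKER_ADDR)
    print("copied :", GENESIS_ADDR)
    print("pasting:", clipboard)
    print("verdict:", check_paste(GENESIS_ADDR, clipboard))
```

The useful property for a defender is that the swapped value is itself a well-formed address, so format validation alone never catches it; only remembering what was copied and comparing at paste time does.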


16 hours ago, virge said:

This is why you need Malwarebytes installed on your PC.

And you know that MBAM will detect this? It's quite possible it doesn't, at least not yet anyway.



What is this useless news? New definition of virus? :chair: There are thousands! No need to know any of them until you get one.



Quote

What is this useless news? New definition of virus? :chair: There are thousands! No need to know any of them until you get one.

What a stupid thing to come out with, are you sure... News is all part of our forums...


