Back to Blog

Malware Delivers Cryptor or Miner, Trojan’s Choice

July 6, 2018

By: Kacy Zurkus

A long-existing Trojan family still functioning today has spawned new malicious samples of malware, which infects its victims with either a cryptor or a miner, according to Kaspersky Lab.

Distributed through spam emails with documents attached, the samples are related to the Trojan-Ransom.Win32.Rakhni family. “After opening the email attachment, the victim is prompted to save the document and enable editing. The victim is expected to double-click on the embedded PDF file. But instead of opening a PDF the victim launches a malicious executable,” researchers wrote.

The Trojan decides which payload should be downloaded onto the victim’s PC at the moment the malicious executable is launched. “The fact that the malware can decide which payload it uses to infect the victim provides yet another example of the opportunistic tactics used by cybercriminals,” said Orkhan Mamedov, malware analyst, Kaspersky Lab.

“They will always try to benefit from their victims: either by directly extorting money (cryptor), by the unauthorized use of user resources for their own needs (miner), or by exploiting the victim in the chain of malware distribution (net-worm).”

Since first discovered in 2013, the malware writers have changed the way their Trojans get keys. Where they were once locally generated, they are now received from the command and control (C&C). They’ve also altered the algorithms used, going from exclusively using a symmetric algorithm and evolving through a commonly used scheme of symmetric and asymmetric.

Analysts have recently discovered 18 symmetric algorithms used simultaneously. The crypto-libraries are also different, as is the distribution method, which has ranged from spam to remote execution. In the recently spotted samples, criminals added a new mining capability feature.

More: https://www.infosecurity-magazine.com/news/malware-delivers-cryptor-or-miner/

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.