SquirtDanger: The Swiss Army Knife Malware from Veteran Malware Author TheBottle

TairikuOkami
May 13, 2017
SquirtDanger is a commodity botnet malware family that comes equipped with a number of characteristics and capabilities. The malware is written in C# (C Sharp) and has multiple layers of embedded code. Once run on the system, it will persist via a scheduled task that is set to run every minute. SquirtDanger uses raw TCP connections to a remote command and control (C2) server for network communications.
In total, we saw 1,277 unique SquirtDanger samples used across multiple campaigns. SquirtDanger is likely delivered via illicit software downloads also known as “Warez”.
In the case of stealing passwords from browsers, a number of browsers are supported, including the following:
  • Chrome
  • Firefox
  • Yandex Browser
  • Kometa
  • Amigo
  • Torch
  • Opera
SquirtDanger comes with a wealth of functionality, including the following:
  • Take screenshots
  • Delete malware
  • Send file
  • Clear browser cookies
  • List processes
  • Kill process
  • List drives
  • Get directory information
  • Download file
  • Upload file
  • Delete file
  • Steal wallets
  • Steal browser passwords
  • Swap identified wallets in the victim’s clipboard
  • Execute file
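As an added example (not part of the original post): a small Python triage helper that reads Windows Task Scheduler definitions, as exported with "schtasks /query /xml", and flags any trigger repeating at one-minute intervals, the persistence behaviour described above. The two task definitions, the paths and the file names are constructed placeholders, not indicators from the post.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of task definitions exported with "schtasks /query /xml".
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# ISO 8601 duration subset that Task Scheduler emits (PT1M, PT12H, P1D, ...).
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def duration_seconds(text):
    """Convert a Task Scheduler repetition interval such as 'PT1M' to seconds."""
    m = _DURATION.match(text.strip())
    if not m:
        raise ValueError(f"unsupported duration: {text!r}")
    days, hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def high_frequency_tasks(task_xml, max_interval=60):
    """Return (interval_seconds, command) pairs for every trigger that repeats
    at or below max_interval seconds. A task re-running its payload every
    minute, as described for SquirtDanger, is unusual for legitimate software
    and is a cheap triage signal when reviewing exported task definitions."""
    root = ET.fromstring(task_xml)
    commands = [c.text for c in root.findall(".//t:Actions/t:Exec/t:Command", NS)]
    hits = []
    for interval in root.findall(".//t:Triggers/*/t:Repetition/t:Interval", NS):
        secs = duration_seconds(interval.text)
        if secs <= max_interval:
            hits.extend((secs, cmd) for cmd in commands)
    return hits


# Constructed samples: a minute-interval task (suspicious) and a daily task (benign).
SUSPICIOUS_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><Repetition><Interval>PT1M</Interval></Repetition>
    <StartBoundary>2017-05-13T00:00:00</StartBoundary><Enabled>true</Enabled></TimeTrigger></Triggers>
  <Actions Context="Author"><Exec><Command>C:\\Users\\user\\AppData\\Roaming\\EXAMPLE_PAYLOAD.exe</Command></Exec></Actions>
</Task>"""

BENIGN_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><Repetition><Interval>P1D</Interval></Repetition>
    <StartBoundary>2017-05-13T03:00:00</StartBoundary><Enabled>true</Enabled></CalendarTrigger></Triggers>
  <Actions Context="Author"><Exec><Command>C:\\Windows\\System32\\example_cleanup.exe</Command></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS_TASK), ("benign", BENIGN_TASK)):
        print(name, high_frequency_tasks(xml))
```

On a real host, feed it the output of "schtasks /query /xml" for each task and review every hit's command path by hand; the interval alone is a triage filter, not a verdict.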

TairikuOkami
May 13, 2017
In the case of stealing passwords from browsers
Whenever I think about saving passwords in the browser, something like this pops up, so I am like, never mind. :rolleyes: