Windows Trojan Logs Your Keystrokes, Takes Snapshot of Your Desktop

Alkajak

Thread author
When security researchers discover over 310,000 new malware variants per day, they're bound to stumble upon a dangerous threat once in a while, not just adware, clickfraud, and droppers. The most recent example is BackDoor.Apper, a new spyware variant discovered by Russian security firm Dr.Web.

The company's security experts say this new trojan is distributed via email spam that contains a Microsoft Excel file attachment. When opened, this file will attempt to trick users into enabling the macro feature.

If macros are enabled, the Excel file contains code that downloads a self-extracting RAR file from the Web, unpacks it, and executes the files found inside it.

BackDoor.Apper sends stolen data to a C&C server
As usual with most malware families these days, the first thing it will do is to contact its C&C server. In its first communications, BackDoor.Apper collects information about the local system and sends it to the server.

This information includes data such as computer name, hardware specifications, and hard disk usage statistics. The user's MAC address is also used to generate a unique ID in order for the crook's botnet to distinguish between infected victims.

After this, the truly malicious behavior begins, and BackDoor.Apper starts collecting keystrokes from active windows. The keystrokes are logged locally, along with the name of the window from where they've been collected. At regular intervals, the trojan sends the data to its master's server.

The trojan can also execute code on your computer
Besides this, the trojan can also execute various other operations based on instructions it receives from its C&C server. BackDoor.Apper can download files from the server, launch them into execution, create a list of files found inside a folder and send it to the server, and also steal & upload any file the C&C server deems important.

Further, the trojan can also take snapshots of the user's desktop, and also watch a designated folder for new activity and notify the malware operator.

Dr.Web researchers didn't say if BackDoor.Apper was discovered as part of an APT's malware arsenal or as part of a financially-motivated cyber-crime group's activity, but it surely looks like it has the features to satisfy both use case scenarios.

omidomi

Backdoors are typically designed to execute cybercriminals' commands on the infected machine. As a rule, they are used to gain remote access to the user's private information. Recently, Doctor Web security researchers have discovered yet another representative of this category: BackDoor.Apper.1.

The Trojan is distributed via a dropper in the form of a Microsoft Excel file with a special macro. This macro assembles a self-extracting archive byte by byte and runs it. The archive consists of an executable file, which has a valid digital signature registered to Symantec, and a dynamic library, in which all the main functions of the Trojan are implemented. BackDoor.Apper.1 registers the executable file in autorun. Once launched, this file loads the malicious library into the memory of the infected computer.

BackDoor.Apper.1 is mainly designed to steal files from the machine. When the malicious application is registered to autorun, the Trojan removes the original file.

After being launched, BackDoor.Apper.1 acts as a keylogger: it logs keystrokes and records them into an encrypted file. In addition, the Trojan can monitor the file system. If the computer has a configuration file containing paths to folders whose status is to be monitored by the Trojan, BackDoor.Apper.1 logs all changes to these folders and sends them to the server.

Before connecting to the server, the backdoor collects the following data on the infected computer: its name, the version of the operating system, and information about the processor, RAM, and drives. This information is then transmitted to the server. After that, the Trojan gathers more detailed data on the computer's drives, which is sent to the cybercriminals together with the keylogger file. BackDoor.Apper.1 then waits for commands from the server.

To receive instructions, the Trojan sends a special request to the server. Upon a command, the malware can send a particular file or information about a specified folder, delete or rename a file, create a new folder, and take a screenshot and send it to the attackers.

Dr.Web successfully detects and removes BackDoor.Apper.1, and, therefore, this malicious program poses no threat to our users.
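Both posts describe the same initial vector: a Microsoft Excel attachment whose macro must be enabled before the dropper runs. The following mail-gateway triage check is an added example and is not code from the article, from Dr.Web, or from MalwareTips; it assumes OOXML (zip-based) workbooks and flags a file that carries a VBA project part, including the suspicious case where a file named `.xlsx` (a format that should carry no macros) contains one. Legacy binary `.xls` files are only identified by their OLE magic, not parsed. The sample workbook is constructed in memory.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .xls / OLE2 containers


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML workbook, optionally with a placeholder VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            # Real vbaProject.bin parts are OLE2 containers; this placeholder only
            # needs the right part name for the triage check.
            z.writestr("xl/vbaProject.bin", OLE_MAGIC + b"PLACEHOLDER")
    return buf.getvalue()


def triage_excel(data: bytes, filename: str) -> dict:
    """Classify an Excel attachment: OOXML or legacy OLE, and whether it carries VBA."""
    findings = {"is_ooxml": False, "is_legacy_ole": False,
                "has_vba": False, "ext_mismatch": False, "vba_parts": []}
    if data.startswith(OLE_MAGIC):
        # Legacy .xls: macros live inside the OLE storage; needs an OLE parser (out of scope here).
        findings["is_legacy_ole"] = True
        return findings
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
    findings["is_ooxml"] = any(n.startswith("xl/") for n in names)
    vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
    findings["vba_parts"] = vba_parts
    findings["has_vba"] = bool(vba_parts)
    # A VBA part inside a file that claims to be macro-free (.xlsx) is a strong quarantine signal.
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    findings["ext_mismatch"] = bool(vba_parts) and ext == "xlsx"
    return findings
```

A gateway policy built on this check would quarantine external attachments where `has_vba` or `ext_mismatch` is set, which removes the "enable macros" decision from the user.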