![]() “The author of this backdoor has gone to great lengths to avoid being detected and to evade the scrutiny of the malware analysis community. The experts at Palo Alto sustain that the backdoor was developed by skilled professionals due to the evasion technique implemented by the malicious code. Create/delete/move, encrypt files and directories, and copy the user’s clipboard). The vnkd.dat component is loaded to steal files on the infected computer, meanwhile the third module qhnj.dat implements backdoor functionalities to control the local file system (i.e. Tyeu.dat is the component that implemented the features to spy on Skype conversations, when hooking into the Skype API, the victim is presented with the message “explorer.exe wants to use Skype.” Theis Skype module can record both audio and video conversations, spy on text chats and take regular screenshots of video calls. The researchers at Palo Alto Networks have identified three main plugins in the T9000 backdoor: It checks before for the presence of defense solutions and malware analysis tools including Sophos, INCAInternet, DoctorWeb, Baidu, Comodo, TrustPortAntivirus, GData, AVG, BitDefender, VirusChaser, McAfee, Panda, Trend Micro, Kingsoft, Norton, Micropoint, Filseclab, AhnLab, JiangMin, Tencent, Avira, Kaspersky, Rising, and Qihoo 360.Īt first stage of the infection the T9000 backdoor collects information on the target system and sends it to the C&C server, then the control infrastructure sends specific command to the bot based on the characteristic of the infected machine. The backdoor uses a multistage execution flow, which starts when victims opens an RTF file that contained exploits for specific vulnerabilities (i.e. The T9000 was used by threat actors to targets organizations worldwide, the researchers observed it used in multiple targeted attacks against US organizations. The malware goes to great lengths to identify a total of 24 potential security products that may be running on a system and customizes its installation mechanism to specifically evade those that are installed.” states a blog post published by PaloAlto Networks. “In addition to the basic functionality all backdoors provide, T9000 allows the attacker to capture encrypted data, take screenshots of specific applications and specifically target Skype users. The T9000 backdoor was spotted by researchers at Palo Alto Networks, it appears as a hybrid variant of another malware dubbed T5000 that was detected in the wild two years ago. The T9000 backdoor discovered by PaloAlto Networks is able to infect victims’ machines to steal files, take screengrabs, and records Skype conversations.Ī new threat is targeting Skype users, it is a backdoor trojan dubbed T9000 that is able to infect a victim’s machine to steal files, take screengrabs, and record conversations.
0 Comments
Leave a Reply. |