Category Archives: Backdoors
GoldBrute
If your remote desktop connection is vulnerable, GoldBrute can breach it without much trouble. The attackers behind this infection do not need to do a thing, because the threat is built to recruit new victims on its own as it spreads. Unfortunately, many Windows users opt for simple password and username combinations, and that is why cybercriminals are so successful. If your password and username combination is easily guessable, the RDP login can be brute-forced by malware, and the attackers then potentially have full access to your entire operating system. ...
VBShower
VBShower is a backdoor that is a new tool used by Cloud Atlas to attack and spy on government organizations in multiple countries. Cloud Atlas is a threat group that has been around for five years now, and they always come back with new tools to steal more information.
Because VBShower and Cloud Atlas mainly target official institutions, VBShower is not something that individual desktop users should worry about (unless you are a government employee and you open your work emails at home). Nevertheless, the persistence of this infection is enough to force us to re-evaluate our cybersecurity habits. ...
TONEDEAF
TONEDEAF is a malicious backdoor application targeted at the oil/gas, government, and energy/utilities industries. It seems the malware was created in Iran, as the country has a critical need for strategic intelligence due to geopolitical tensions in the Middle East. Thus, it is another malicious application that regular home users are unlikely to encounter. In this report, we discuss its capabilities, possible distribution channels, and its deletion. If you are interested in learning how a threat like TONEDEAF could be eliminated manually, have a look at the deletion instructions placed at the end of this article. ...
Plurox
Plurox is a highly capable backdoor infection that needs no permission to settle in, connect to the Internet, restart with the system, use the victim’s computer to mine cryptocurrencies, and so on. Therefore, we highly recommend deleting this malicious application at once if you detect it on your system. Our researchers say users should be able to remove Plurox manually, although the task might not be the easiest. To complete it, victims need to find malicious executable files that could have random names. If this task is too complicated, do not hesitate to employ a reliable security tool instead, and leave us a comment below if you need more assistance. ...
Misleading Emails Help Cyber Criminals Spread Rising Sun
Nuclear, energy, defense, and financial institutions have been hit by Rising Sun, a clandestine backdoor malware created to slither into a vulnerable system and siphon off sensitive and confidential information. The infection was first discovered in October of 2018, but it is impossible to say whether it could be stopped. The good news is that as more information about this malware emerges, companies have better chances of protecting their systems against it. Unfortunately, it is hard to say how the malicious code of this threat could be updated, or even what form the threat could show up in next. It is believed that the backdoor was created using the malware code of Trojan.Duuzer, which was active in 2015. All in all, it is important to delete Rising Sun in whichever form it appears, and it is also important to secure the operating system. If the right security steps are not taken, cyber criminals could employ another backdoor to exploit the system in no time. ...
Datper
Do you know what a backdoor is? It is the kind of malware that opens a clear path for cyber attackers to do whatever they want. Datper is that kind of malware. It is the descendant of Daserf, another backdoor that was re-written in Delphi after being initially coded in Visual C. The newer backdoor is also Delphi-coded. Needless to say, they are similar. Unfortunately, these backdoors are not used on their own, although they do have some functionality of their own. Instead, the attackers behind them also employ other malicious threats. ...
Backdoor.Athena
Backdoor.Athena is a backdoor Trojan usually described as a “beacon loader.” According to documents leaked by WikiLeaks, this malicious application was developed by the CIA in cooperation with Siege Technologies. The company is based in New Hampshire, U.S., and presents itself as “an advanced research and development company” that focuses on developing “offensive and defensive cyber security technologies.” Even though technical documents related to Backdoor.Athena have only recently become public, they are dated between September 2015 and February 2016, which is a clear sign that Backdoor.Athena has been active since 2015. ...
Ghostadmin
Ghostadmin, also known as Backdoor.GhostAdmin, is a dangerous threat used by cyber criminals to record all kinds of details about users and to spread malicious software. It was discovered by malware analysts recently (on the 17th of January, 2017) and has affected only a small number of users so far. Unfortunately, it seems that two of these victims are big companies storing hundreds of gigabytes of extremely valuable information on their computers. This is just the beginning, according to experienced cyber security specialists, because Ghostadmin seems to be a reworked version of the well-known malware CrimeScene, which was prevalent several years ago. ...
Backdoor.andromeda
Research shows that Backdoor.andromeda is still active, as the malware’s creators continue to distribute it through various malicious web pages. This infection is extremely dangerous since it might not only help cyber criminals gain remote access to the system but also give them the ability to use your computer for malicious activities. Needless to say, if it has managed to enter the system, removing this threat should be your top priority. Below the article, you will find our recommended deletion steps, but you should use them only if you have experience with similar threats and know what you are doing. ...
Ploutus
Ploutus is the name of sophisticated malware that was first detected by security specialists in 2013. It affected a number of ATMs in Mexico back then, so it is considered extremely dangerous. Fortunately, it seems that it is no longer widely employed by crooks these days. Sadly, that does not mean ATM administrators can relax, because the situation might change dramatically soon: a new version of this dangerous malicious application has been developed recently, meaning that Ploutus is back! Since it works slightly differently this time, it has received a new name, Ploutus-D. ...