A trojan that evades security products and stole data

Spymel, a new Trojan discovered by Zscaler (a US-based cyber-security vendor), reaches computer through spam emails and remain undetected from security products.

This Trojan is attached to emails as an archive file. Once it is downloaded and decompressed, the archive file starts executing a JavaScript file that downloads and installs the actual malware executable, a .NET binary.
It is notion that the  archive file does not contain the malware, so the antivirus products fails to flag the danger. .Net binary is also not detected because of the  digital certificate that is issued by  SBO INVEST via DigiCert.

According to Zscaler  Spymel infections was  first detected in early December 2015. As soon as they informed the case to DigiCert and had the certificate revoked. But the group behind Spymel quickly updated their certificate
.
Spymel can act like a malware payload downloader , make screenshots of a user's desktop, record videos of the desktop, log keystrokes, and upload stolen data to a remote server.

Spymel is a perfect example of  malware, where malware can use archive files boobytrapped with JavaScript code and digital certificates to hide.
Category:

Share this with Your friends: