
Trojans

Dive into the treacherous world of Trojans in our specialized “Trojans” category at BugsFighter.com. Named after the deceptive Trojan Horse of ancient mythology, these malicious programs disguise themselves as harmless software to infiltrate your system, unleashing harmful effects such as data theft, system damage, and unauthorized access to your devices. Our in-depth guides and articles provide critical information on identifying, removing, and defending against Trojans. Learn about the latest Trojan threats, the mechanics of their operations, and the best practices for securing your digital environments. Whether you’re a home user or managing an enterprise network, arm yourself with the knowledge to protect your systems against these cunning adversaries.

How to remove JaskaGO malware

JaskaGO is an information stealer written in Go (Golang). It was first observed in July 2023, initially targeting macOS users, and has since gained a Windows build so that it now infects both Windows and macOS systems. It belongs to a growing wave of threats written in Go, a language attackers favour for its simplicity, performance, and cross-platform tooling. As an infostealer, its job is to exfiltrate valuable data from the infected host: browser-stored credentials, cryptocurrency wallet details, and other sensitive user files. It checks in with a command-and-control (C&C) server, from which it receives commands, including instructions for data harvesting and exfiltration. Remember that prevention is the best defense: keep your software updated, avoid downloads from untrusted sources, and run a reliable security solution.

How to remove Hook Banking Trojan (Android)

Hook is an Android banking Trojan built to steal personal and financial data from infected devices. It is derived from the source code of the ERMAC backdoor, another notorious Android malware, and is rented out by its operators for $7,000 per month. It targets a wide range of applications, particularly banking and cryptocurrency apps, and has been distributed in APKs posing as Google Chrome. Its capabilities include keylogging, overlay attacks that draw phishing windows over legitimate banking apps, and automated theft of cryptocurrency wallet recovery seeds. It can also stream the victim's screen and interact with the interface to take full remote control of the device, take photos with the front-facing camera, and steal cookies tied to Google login sessions.

How to remove BitCoinMiner

Bitcoin mining is the process of validating transactions and maintaining the integrity of the Bitcoin blockchain. Miners use specialized hardware and large amounts of computational power to solve cryptographic puzzles, and the first to solve a puzzle is rewarded with Bitcoin. The process is essential to the Bitcoin network, but it has been criticized for its environmental impact because of its high energy consumption. The name BitCoinMiner, however, is also a detection label for a family of malware, commonly reported as RiskWare.BitCoinMiner or Trojan.BitCoinMiner. Threat actors use it to hijack the computational resources of infected computers and mine cryptocurrency without the owner's consent, which shows up as sustained high CPU (or GPU) load, heat, and slowdowns. The most common infection vector for unsolicited miners is software bundling, where the miner is packaged alongside a legitimate-looking installer, but many other methods are in use.
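As an added example (this is not BugsFighter's code and not a sample of the malware), the following triage script scores running processes for the pattern a resource-hijacking miner leaves behind: miner-style command lines, outbound connections to pool-like ports, and sustained CPU load. The process and connection records are constructed, and the record field names (pid, name, cmdline, cpu, raddr, rport) are this example's own convention; on a real host you would populate them from `ps -eo pid,comm,args,%cpu` and `ss -tnp` on Linux, or Get-Process and Get-NetTCPConnection on Windows.

```python
"""Heuristic triage for an unwanted cryptominer on a host (added example)."""
import re
from typing import Dict, List

# Command-line fragments typical of CPU miners such as XMRig and cpuminer.
MINER_ARG_PATTERNS = [re.compile(p) for p in (
    r"stratum\+(?:tcp|ssl)://",      # pool URL scheme used by most miners
    r"--donate-level",               # XMRig-specific option
    r"(?:^|\s)-o\s+\S+:\d+",         # -o host:port pool target
    r"--algo[= ]|--coin[= ]",        # algorithm / coin selection switches
)]
KNOWN_MINER_NAMES = {"xmrig", "minerd", "cpuminer", "cgminer", "bfgminer"}
# Ports commonly used by public mining pools (a heuristic, not proof).
COMMON_POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 9999, 14433, 14444}
CPU_HOG_PCT = 85.0


def score_process(proc: Dict, conns: List[Dict]) -> Dict:
    """Return a verdict for one process: 'high', 'medium' or 'none', with reasons."""
    reasons = []
    if proc["name"].lower() in KNOWN_MINER_NAMES:
        reasons.append("known miner binary name")
    if any(p.search(proc["cmdline"]) for p in MINER_ARG_PATTERNS):
        reasons.append("miner-style command line")
    pool_conns = [c for c in conns
                  if c["pid"] == proc["pid"] and c["rport"] in COMMON_POOL_PORTS]
    if pool_conns:
        reasons.append("outbound connection to pool-like port %d" % pool_conns[0]["rport"])
    cpu_hog = proc["cpu"] >= CPU_HOG_PCT
    if cpu_hog:
        reasons.append("sustained CPU %.0f%%" % proc["cpu"])

    strong = any(r.startswith(("known miner", "miner-style")) for r in reasons)
    if strong:
        level = "high"
    elif pool_conns and cpu_hog:
        level = "medium"   # no miner strings, but burning CPU while talking to a pool port
    else:
        level = "none"     # CPU alone is not evidence: video encoding looks the same
    return {"pid": proc["pid"], "name": proc["name"], "level": level, "reasons": reasons}


def triage(procs: List[Dict], conns: List[Dict]) -> List[Dict]:
    """Return only the processes worth a human look, in process-list order."""
    return [v for v in (score_process(p, conns) for p in procs) if v["level"] != "none"]


# Constructed sample data. Hostnames use the reserved example.net domain and
# the addresses are RFC 5737 documentation ranges; process names are made up.
SAMPLE_PROCESSES = [
    {"pid": 1200, "name": "chrome", "cmdline": "chrome --type=renderer", "cpu": 12.0},
    {"pid": 4412, "name": "svchost_helper",
     "cmdline": "svchost_helper -o pool.example.net:3333 -u 44AbC -p x --donate-level 1",
     "cpu": 97.5},
    {"pid": 5100, "name": "ffmpeg", "cmdline": "ffmpeg -i in.mkv out.mp4", "cpu": 95.0},
    {"pid": 6200, "name": "updater", "cmdline": "updater --quiet", "cpu": 92.0},
]
SAMPLE_CONNECTIONS = [
    {"pid": 1200, "raddr": "203.0.113.5", "rport": 443},
    {"pid": 4412, "raddr": "203.0.113.10", "rport": 3333},
    {"pid": 6200, "raddr": "198.51.100.7", "rport": 14444},
]

if __name__ == "__main__":
    for verdict in triage(SAMPLE_PROCESSES, SAMPLE_CONNECTIONS):
        print(verdict["level"].upper(), verdict["pid"], verdict["name"], "; ".join(verdict["reasons"]))
```

Note the asymmetry in the scoring: a miner-style command line or known binary name is enough on its own, while CPU load only counts when paired with a pool-port connection, because legitimate encoders and compilers are just as CPU-hungry. Bundled miners frequently rename the binary and hide the pool address in a config file, so a "none" verdict here is not a clean bill of health; it only tells you which processes to look at first.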

How to remove TrickMo Banking Trojan (Android)

TrickMo is a banking Trojan for Android built for financial fraud. It was first identified in September 2019 and has since gained capabilities such as stealing screen content, downloading runtime modules, and overlay injection. It is an Android variant of TrickBot, the Windows banking Trojan first seen in 2016, which started out stealing online-banking data and grew into a highly modular, multi-stage platform that gives its operators a full toolkit for a wide range of criminal activity. TrickMo's own goal is narrower: harvesting banking credentials and other sensitive financial data from device users, using overlay attacks (fake login screens drawn over legitimate banking apps), screen content theft, and related techniques.

How to remove Trojan:O97M/DPLink.A

Trojan:O97M/DPLink.A is a detection name for a Trojan delivered through Microsoft Office documents (the O97M prefix denotes Office macro-based threats). It is a dangerous threat that can perform a number of harmful actions on your computer, including tracking users, stealing personal information, connecting to remote C&C servers, and installing further malware on the system. It is known for evading antivirus detection by obfuscating its malicious code in several ways. Removing Trojan:O97M/DPLink.A can be a complex process because it hides files in various locations on the disk and makes changes to the registry, networking configuration, and Group Policy. It is therefore recommended to use a specialized anti-malware tool for this purpose. Here is a step-by-step guide to remove Trojan:O97M/DPLink.A.

How to remove GoPIX malware

GoPIX is malware engineered specifically to abuse the Pix instant payment platform. It is a clipper (clipboard hijacker): when a user copies a Pix payment string, GoPIX replaces it with an attacker-controlled one so that the payment is redirected. It also acts as a conventional cryptocurrency clipper. GoPIX has been in circulation since at least December 2022. Because Pix is a payment platform established and overseen by the Central Bank of Brazil (BCB), its user base is predominantly Brazilian, and GoPIX's activity is correspondingly confined to Brazil. In operation it is a typical clipboard stealer: it watches for the Pix "transaction" strings that identify a payment request and swaps them for a malicious one retrieved from the C2. The malware also substitutes Bitcoin and Ethereum wallet addresses, but those replacement addresses are hardcoded in the binary rather than fetched from the C2. GoPIX can receive C2 commands, but they only cover removing the malware from the machine.
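A clipper never has to touch the browser or the bank; it only has to win the clipboard. That makes the swap itself the thing to detect: a payment identifier the user copied is replaced, usually within milliseconds, by a different identifier of the same kind written by some other process. The script below is an added example (not BugsFighter's code and not GoPIX itself) that replays constructed clipboard snapshots and reports that pattern for Pix copy-and-paste codes, Bitcoin addresses, and Ethereum addresses. Obtaining real snapshots is platform-specific (on Windows, for instance, a clipboard listener plus GetClipboardOwner to find the writing process) and is left out; the Snapshot fields, the process names, and the Pix keys and amounts are this example's own assumptions.

```python
"""Detecting a GoPIX-style clipboard swap (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Pix "copia e cola" codes are EMV merchant-presented QR payloads: they start with
# the payload format indicator 000201, carry the br.gov.bcb.pix GUI, and end with
# tag 63 (CRC16), length 04, followed by four hex digits.
PIX_CODE = re.compile(r"^000201.*br\.gov\.bcb\.pix.*6304[0-9A-Fa-f]{4}$")
# Base58 P2PKH/P2SH (1..., 3...) or bech32/bech32m (bc1...) Bitcoin addresses.
BTC_ADDR = re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{39,59})$")
# 20-byte Ethereum address as hex, optional EIP-55 mixed case.
ETH_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")


def classify(text: str) -> Optional[str]:
    """Return 'pix', 'btc', 'eth' or None for one clipboard payload."""
    t = text.strip()
    if PIX_CODE.match(t):
        return "pix"
    if BTC_ADDR.match(t):
        return "btc"
    if ETH_ADDR.match(t):
        return "eth"
    return None


@dataclass
class Snapshot:
    t: float      # seconds since monitoring started
    text: str     # clipboard content after the change
    owner: str    # process that wrote the clipboard (assumed available from the OS)


@dataclass
class Alert:
    kind: str
    original: str
    replacement: str
    owner: str
    delay_s: float


def detect_swaps(snapshots: List[Snapshot], window_s: float = 5.0) -> List[Alert]:
    """One alert per suspected swap: same identifier kind, different value,
    different writing process, within window_s of the user's own copy."""
    alerts: List[Alert] = []
    prev: Optional[Snapshot] = None
    for snap in snapshots:
        kind = classify(snap.text)
        if prev is not None and kind is not None and classify(prev.text) == kind:
            delay = snap.t - prev.t
            if snap.text != prev.text and snap.owner != prev.owner and 0 <= delay <= window_s:
                alerts.append(Alert(kind, prev.text, snap.text, snap.owner, round(delay, 3)))
        prev = snap
    return alerts


# Constructed sample data. Pix keys and amounts are placeholders; the Bitcoin
# addresses are public documentation examples, not attacker infrastructure.
PIX_USER = ("00020126360014br.gov.bcb.pix0114+5511999990000"
            "520400005303986540510.005802BR5909Loja Teste6009Sao Paulo62070503***63041D3D")
PIX_SWAP = ("00020126360014br.gov.bcb.pix0114+5511888880000"
            "520400005303986540510.005802BR5909Loja Teste6009Sao Paulo62070503***63049ABC")
BTC_USER = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
BTC_SWAP = "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"
ETH_USER = "0x" + "ab" * 20

SAMPLE = [
    Snapshot(0.00, "pedido #4821", "chrome.exe"),
    Snapshot(1.20, PIX_USER, "chrome.exe"),    # user copies the payment code
    Snapshot(1.26, PIX_SWAP, "updater.exe"),   # 60 ms later another process rewrites it
    Snapshot(30.0, BTC_USER, "wallet.exe"),
    Snapshot(30.1, BTC_SWAP, "updater.exe"),   # same trick on a Bitcoin address
    Snapshot(60.0, ETH_USER, "chrome.exe"),
    Snapshot(61.0, ETH_USER, "chrome.exe"),    # same value re-copied: benign
    Snapshot(90.0, BTC_USER, "wallet.exe"),    # different kind from the previous entry: benign
]

if __name__ == "__main__":
    for a in detect_swaps(SAMPLE):
        print(f"[{a.kind}] {a.owner} replaced {a.original[:24]}... "
              f"with {a.replacement[:24]}... after {a.delay_s}s")
```

The owner check is what separates a swap from a user simply copying a second address from the same application; a user who copies two different addresses from two different apps within the window would trigger a false positive, so treat an alert as a prompt to compare what was copied with what gets pasted, not as proof. The same logic explains the advice usually given against clippers: check the destination key or address on the payment screen before confirming, since that is the one place the clipper's substitution becomes visible.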

How to remove StripedFly malware

StripedFly is a highly sophisticated, cross-platform malware platform that has infected over a million Windows and Linux systems over a span of five years. It was initially misclassified as a Monero cryptocurrency miner; further investigation revealed a far more capable framework of the kind associated with advanced persistent threat (APT) operations. StripedFly is modular and targets both Windows and Linux. It carries a built-in Tor tunnel for communication with its command-and-control (C&C) server and uses trusted services such as Bitbucket, GitLab, and GitHub for update and delivery. The malware runs as a single monolithic binary with pluggable modules, giving it the operational versatility typical of APT tooling. These modules include configuration storage, upgrade/uninstall, a reverse proxy, a miscellaneous command handler, a credential harvester, repeatable tasks, a recon module, an SSH infector, an SMBv1 infector, and a Monero mining module. The miner is considered a diversion: the threat actors' primary objectives are data theft and system exploitation through the other modules.

How to remove Lumar Stealer

Lumar Stealer is a lightweight stealer-type malware written in C. It is designed to steal information such as browser cookies, stored passwords, and cryptocurrency wallets. Lumar was first seen advertised on hacker forums in July 2023. Once it has infiltrated a system it begins by gathering device details such as the device name, CPU, RAM, and keyboard layout. It primarily targets data stored in browsers, extracting cookies and login credentials (usernames, IDs, email addresses, passwords, passphrases, and so on). It also targets Telegram Messenger sessions and collects information related to cryptocurrency wallets. Lumar has grabber capabilities, meaning it can collect files from victims' desktops and send them to the attacker; formats of interest include DOC, TXT, XLS, RDP, and JPG. If you suspect that your computer is infected with Lumar Stealer, it is strongly advised to use dependable antivirus software to perform regular system scans and remove detected threats, and to change any passwords that were saved in the browser.