Javascript-Based Trojan Disguised As Game Cheats By Attackers


Researchers have made a recent discovery on a modular
downloader Trojan based on a new Javascript, disguised and circulated to
target as game cheats by means of websites and owned by its designers.
They found that the Trojan dubbed as MonsterInstall —
utilizes Node.js to execute itself especially on the victim’s machines.
Found by Yandex, the malware was sent over to Doctor Web’s
research team for further investigation together with a little extra data on
how the Trojan sample was distributed.
The MonsterInstall downloader Trojan after launch is known
to ‘gain persistence’ by adding itself to the already infected computer’s
autorun to naturally be launched after the machine is rebooted.
It begins by gathering the system information and sends it
to its command and-control (C&C) server, “In response, it receives
links to the Trojan’s worker and updater modules, unpacks them and installs
them into the system.”
“When users attempt to download a cheat they download a
password-protected 7zip archive to their computers , inside which there is an
executable file; which upon launch, downloads the requested cheats alongside
other Trojan’s components,” says Doctor Web.
The Trojan at that point grabs every one of the segments it
needs, to play out its pernicious undertakings with the crypto mining module
being downloaded as xmrig.dll that will end xmr, xmr64, and windows-update
processes it discovers running on the compromised system.
“Developers of this malware own several websites with
game cheats, which they use to spread the malware, but they also infect other
similar websites with the same Trojan. According to SimilarWeb’s statistics,
users browse these websites at least 127,400 times per month,” also note
the Doctor Web researchers.
The gamers however have been quite recently being focused
upon by the attackers yet this isn’t the first time and it beyond any doubt
isn’t the last as well. For instance, the cybercriminals have used the
pernicious game servers to endeavor to infect CS 1.6 players utilizing game
client vulnerabilities just as to advance different servers for money.
Despite the fact that Doctor Web had the option to bring
down the domains utilized by the Trojan to send gamers to the fake servers with
the assistance of the REG.ru domain name registrar, safety measures are at any
rate prescribed to the present and active users.

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *