The Phoenix Keylogger is a virus threat that contains several malicious components and is distributed by an unknown hacking group. At this time there is no information regarding the criminals and their experience. As more information becomes available we will update the article. It can be categorized as an advanced Trojan due to the complex behavior it exhibits.

The security analysis of the detected samples does not indicate which is the primary distribution method. As it is mainly a keylogger, there are several likely methods that can be used by the hackers:

- Email Phishing Messages - The criminals can craft emails that appear to be legitimate notifications sent by well-known companies or services that the recipients are using. The virus file is usually attached to or linked from the message.
- Malware Bundle Installers - The hackers can create malicious setup bundles of popular applications, which are often installed by end users.
- Phishing Sites - The criminals can create dangerous sites that imitate well-known companies or services.
- File-Sharing Networks - The executable files can easily be uploaded to networks like BitTorrent, where both legitimate and pirated content is commonly found.

Whatever distribution method is chosen by the hackers, the virus infection will be started immediately. The analysis conducted on one of the captured samples shows that the main engine comes encrypted and is decrypted by the initial infection engine. The unpacked files will then run a built-in sequence that starts a security bypass operation. It is programmed to scan for the presence of virtual machine hosts and other programs that can block the normal operation of the virus.

When the environment has been prepared accordingly, the Phoenix Keylogger will activate its main function - the automatic recording of user input (both keyboard and mouse events). Apart from activating the keylogger function, the dangerous code will also schedule the creation of screenshots, which are reported to the hacker operators. This is done to spy on the activities of the victims and acquire their account credentials and information that can expose their identity.

The connection to the hacker-controlled server will be persistent - the collected data is sent continuously. The main engine is capable of retrieving contents from the installed web browsers. Trojans like this one will extract cookies, bookmarks, history, preferences and even stored account data.