The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) received information on the distribution of e-mails on the topic "Free primary legal aid" with the password-protected attachment "Algorithm of actions of members of the family of a missing serviceman LegalAid.rar", sent from addresses in the gov.ua domain (probably compromised).
Analysis of the content of the messages indicates a link to a malicious program. The malware can be controlled by a remote server through its unique identifier, allowing attackers to customize the malicious code. Thus, technical measures will not work in any situation.
The purpose of the Trojan is to gain unauthorized access to authorized computers and install on them numerous programs that allow hackers to download data from infected computers and transmit it over the Internet, steal information about users' personal lives via e-mail, and steal login credentials for remote access systems and other valuable data.
The Trojan connects to a remote server and sends the following information: the username, computer name, workgroup, domain name and its details. If successful, the network card is then connected to an IRC server and prepared for further commands. The Trojan then attempts to obtain the user's name and password for the remote service, which allows attackers to intercept all traffic on this computer through services like TeamViewer or Remote Desktop Connection (RDP) with the stolen login information.
In addition, the malware can steal data from web browsers and email clients at any time. Hackers may also have access to financial information from online banking applications and other confidential data stored on the infected computer (documents in PDF format).