Rurktar Malware : Spying Trojan Again Targeting Russian PCs
A massive campaign identified in Russia, associated with Spying Trojan known as “Rurktar Malware”. According to security week, the malware is discovered as Spyware family that appear for cyber espionage which is still under development stage. The malware tool has not had all of its functionality implemented yet but it is not safe as intended for use in targeted spying operations. The tool could be used for reconnaissance operation to spy on compromised computers users and also steal or upload files.
The security analyst reveals that the malware Rurktar Malware discovered in Russia initially. Researchers found some of its internal error message are written in Russian language and to access tool remotely they use IP address are located in the same country. By this way malware researchers found its origin because it is strong sign for them to recognized easily. Additional the Rurktar Malware funcionality allow it to perform reconnaissance of a network infrastructure and verify whether a target PC is reachable or not. In it attack the malware also take screen shots of an compromised PC’s Desktop and also download specific files from a target system. There might be possible the Trojan can delete files from the target machine and can also upload files to it.
The threat developers uses a wrapper called Snow.exe which checks whether admin privileges are available or not and executes Rurktar Malware. The Trojan virus also execute a new process of itself to ask the user for admin privileges if needed. The Rurktar can also used to enumerate user names, computer name, Operating System version, get the current preferences the threat is actively using. It also terminate running process which hampers target PC a lot. To gain persistence, the spyware installs a new service called RCSU which is started automatically after system reboot. The cyber hacker or criminals behind the malware may have shared the Dropbox Folder by mistake which is used as a backup archive for the temporary files.
Sources : https://www.gdatasoftware.com
The IP address linked to it, have been used for testing purpose only. Even the IP address used for remote access are expected to see increased diversity and to expand beyond the Russian space. Furthermore, a great deal of other functions haven’t been implemented yet as CaptureStart, CaptureMode, CaptureStopProcess1, ProxyEnabled, SkipFrames, DetectionPreBuffer, VideoCap, DefPass, MaxCaptureFrames, DetectPorog, SendOriginPreviews, WatchFiles, ControlExt, ScreenshotAutoCapture, WatchProc, ScreenshotPause and several others more.
According, to current scenario this Rurktar Malware Spying Trojan is steadily increasing its number of victim specially in Russia region, through its phishing site portal in order to get and steal huge information and files which is uploaded. Although, it is tough to say exact number of victim as their IP address and Windows address is still unidentified.
This article is only written with aim to inform you about this dreadful Rurktar Malware Spying Trojan which has been become big terror among Russian Internet Users.