Russian Hackers Disguised Kelihos Trojan as Anti-Government Software
The Kelihos Trojan is being widely distributed by hackers who mostly target Russian nationals, leading them to believe that the software is designed to attack online resources belonging to US and Western governments. The lure urges victims to install the malware by claiming that its only purpose is to retaliate against the sanctions the US imposed on Russia. In fact, the URL in the malicious message leads to the Kelihos Trojan.
In short, Kelihos is still alive and is deployed by cyber criminals to monetize their efforts. Since their only intent is to earn money by any means, it is not surprising that Russian hackers are exploiting the conflict in Ukraine to deliver threats via links in spam emails.
Behaviour of Kelihos Trojan
The Kelihos Trojan, also known as Hlux, first appeared in 2010 and was initially developed for phishing, spam and distributed denial-of-service attacks. It has been the target of several take-down operations by private security companies and law-enforcement agencies. Yet the malware has been reinvented and is now used to build new botnets. The latest version of this threat has several new features, including sending spam, stealing data (FTP and email credentials), communicating with other infected computers, mining Bitcoin and stealing Bitcoin accounts.
The trojan also opens a backdoor on the compromised system that can be used to download further malicious files onto the affected machine. Through this botnet the hackers gain full control over the targeted system: the malicious code downloads and executes additional payloads, monitors network traffic, and steals passwords for the FTP, POP3 and SMTP protocols.
The main weapon of the Kelihos Trojan is its appeal to the curiosity and patriotic sentiments of its victims. Malware experts note that victims may run the malware on their computers without being aware of its true nature. The threat is most likely sent by email, with constantly changing subject lines that all appeal to the patriotic spirit of the recipients. Indeed, the recipients targeted by this campaign have email addresses in the .ru domain.
What Security Experts Have To Say About This Malware?
Security experts confirmed that the Kelihos Trojan runs as a bot on the victimized computer, contacting its command-and-control (C2) infrastructure over TCP and sending encrypted GET requests to the C2 URLs. In some of the malicious emails, the criminals even provide tips for disabling the antivirus program installed on the computer so that the malware can be installed.
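One defender-side way to hunt for that behaviour in web proxy logs, added here as an example that is not from the article or any vendor: group GET requests whose query string is an opaque, high-entropy blob by client and destination, and report clients that repeat such requests to one host at regular intervals. The log format, hostnames, addresses and hex blobs below are constructed for the example, and the thresholds are assumptions to tune against your own traffic.

```python
import math
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

# Constructed proxy log excerpt (not from the article): time, client, method, URL, status.
# Client 10.0.0.5 sends three GETs to one host 30 s apart, each carrying an opaque hex blob.
SAMPLE_LOG = """\
2014-08-20T10:00:01 10.0.0.5 GET http://news.example.test/articles/ukraine-latest.html 200
2014-08-20T10:00:07 10.0.0.5 GET http://203.0.113.10/?3f9a0c7e2b1d6854e7c1b5a9d30f6248 200
2014-08-20T10:00:37 10.0.0.5 GET http://203.0.113.10/?b8d24f1a3c9e07650a5e9c3f7b1d2486 200
2014-08-20T10:01:07 10.0.0.5 GET http://203.0.113.10/?6c2e8a4f0d1b9375d5b7f3a1e9c04826 200
2014-08-20T10:01:15 10.0.0.7 GET http://mail.example.test/inbox?folder=sent&page=2 200
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def shannon_entropy(s):
    """Bits per character of s (0.0 for an empty string)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def is_opaque_query(query, min_entropy=3.5):
    """A query with no key=value structure and near-random characters: likely an encrypted blob."""
    return bool(query) and "=" not in query and shannon_entropy(query) >= min_entropy

def find_suspicious_beacons(log_text, min_hits=3):
    """Group opaque GETs by (client, host); report groups with >= min_hits requests and their spacing."""
    groups = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group(3) != "GET":
            continue
        ts, client, _, url, _ = m.groups()
        parts = urlsplit(url)
        if is_opaque_query(parts.query):
            groups.setdefault((client, parts.hostname), []).append(
                (datetime.fromisoformat(ts), shannon_entropy(parts.query)))
    report = []
    for (client, host), hits in groups.items():
        if len(hits) < min_hits:
            continue
        hits.sort()  # order by time so the gaps between consecutive requests are meaningful
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        report.append({"client": client, "host": host, "hits": len(hits),
                       "mean_entropy": sum(e for _, e in hits) / len(hits),
                       "mean_interval_s": sum(gaps) / len(gaps)})
    return report
```

A regular mean interval together with a high mean entropy is a signal to investigate the client, not proof of infection; legitimate CDNs and trackers also emit opaque tokens, so allow-list known hosts before acting on the report.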
According to malware research teams, this is an unusual yet effective technique for delivering malware to users who are willing to take part in a retribution campaign against those who have taken political or financial measures against their country.