Windows Trojan Logs Your Keystrokes, Takes Snapshot of Your Desktop!!

Think twice before opening any attachment received with spam emails!!
May contains malicious script to take logs of your keystrokes and screenshots of your sensitive information.

A new trojan is distributed via email spam that contains a Microsoft Excel file attachment. When opened, this file will attempt to trick users into enabling the macro feature.
If macros are enabled, the Excel file contains code that downloads a self-extracting RAR file from the Web, unpacks it, and executes the files found inside it.

BackDoor.Apper sends stolen data to a C&C server
As usual with most malware families these days, the first thing it will do is to contact its C&C server. In its first communications, BackDoor.Apper collects information about the local system and sends it to the server.
This information includes data such as computer name, hardware specifications, and hard disk usage statistics. The user’s MAC address is also used to generate a unique ID in order for the crook’s botnet to distinguish between infected victims.
After this, the truly malicious behavior begins, and BackDoor.Apper starts collecting keystrokes from active windows. The keystrokes are logged locally, along with the name of the window from where they’ve been collected. At regular intervals, the trojan sends the data to its master’s server.

 

BKDR_BLACKEN_B


The trojan can also execute code on your computer

Besides this, the trojan can also execute various other operations based on instructions it receives from its C&C server. BackDoor.Apper can download files from the server, launch them into execution, create a list of files found inside a folder and send it to the server, and also steal & upload any file the C&C server deems important.
Further, the trojan can also take snapshots of the user’s desktop, and also watch a designated folder for new activity and notify the malware operator.

Sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *

*