January 22, 2019

Downloader Trojans are used to upload another malware to a victim’s device. Trojan.DownLoad4.11892 is no exception. When installed it downloads malicious software to steal private data from cryptocurrency holders.

In Autumn 2018 cryptocurrency mining enthusiasts began noticing messages suggesting they install a tool for monitoring cryptocurrency prices. The app developers promised a certified, trusted and free widget. At first glance, this program doesn’t raise any suspicions. It has a valid digital signature and works exactly as promised. But behind this seemingly flawless functionality, there’s a hidden catch: it will steal your private data.

Upon installation, the program compiles and runs malicious code downloaded from the developer’s personal Github account. Once completed, it uploads Trojan.PWS.Stealer.24943, also known among malware developers as AZORult, to a victim’s device. This Trojan allows cybercriminals to steal a vast amount of private data, including passwords from cryptocurrency wallets.

In most cases encountered by Doctor Web researchers, this malware was distributed in English on forums dedicated to cryptocurrency mining. It was seen less often on Polish and Russian forums dedicated to the same subject.

At present, the Trojan is still available on several file exchanges, as well as on the Github account mentioned earlier. Dr.Web products successfully detect and remove this type of malware. That said, our cybersecurity researchers strongly advise you to timely renew your anti-virus subscription and install all the latest updates.

Find out more about this Trojan

#cryptocurrency #mining #Trojan