Seqrite detects high-risk Trojan; Delivers Ransomware & Cryptomining payloads

Blocked by the brand’s innovative security solutions, the malware exhibits advanced attack methodology

Pune, July 23, 2018: In a finding that highlights how rapidly the threat landscape is evolving, leading enterprise security solutions provider Seqrite has uncovered a highly sophisticated Trojan dropper that targets businesses and delivers both ransomware and cryptomining payloads. Seqrite experts detected the multipurpose ransom-miner while investigating a series of evolved malware samples that the brand’s state-of-the-art security solutions had blocked at customer endpoints.

The ransom-miner drops GandCrab ransomware and a Monero cryptominer onto compromised systems, along with other malicious files and scripts. It also attempts further malicious activity by connecting to one or more Command and Control (CnC) servers. Researchers at Seqrite consider the latest threat to be part of a sustained campaign that targets end-users with multipurpose attacks combining several pieces of malware.

Speaking on the discovery, Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies, said: “We have raised multiple alerts about the growing number of cryptojacking attacks, and have been talking about a possible evolution of the threat which can deliver both cryptomining and ransomware payloads. The discovery of this new Trojan dropper further underlines the need for greater security awareness and more robust security solutions. With our state-of-the-art malware detection and security mechanisms, we have blocked these threats from compromising the security profile of our enterprise customers. We will continue to study the malware and its various strains in order to devise more robust security strategies to continue protecting Seqrite customers against this new threat.”

What is notable about the latest threat identified by Seqrite is the level of sophistication it exhibits. Delivered as a PE32 executable for Microsoft Windows, the ransom-miner is encrypted and contains high-entropy data. Once the infected file has been downloaded and run, the malware decrypts part of its own code together with one compressed PE file. Control then passes to the decrypted code, which decompresses the PE file in memory and overwrites the parent process’s memory with it. This decompressed file is the main malware component and carries out the remaining activity once it executes.

Moreover, the malware compares 16 process names to detect the presence of VMware, VirtualBox and related components. It also checks for a sandbox by looking for “sbiedll.dll”. If it detects a virtual environment, the malware terminates itself by calling the ‘ExitProcess’ function, halting all of its activity.
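The two traits described above (an encrypted, high-entropy container and a hard-coded sandbox check for “sbiedll.dll”) are both visible in a static triage pass over a quarantined sample, before anything is executed. The script below is an added example written for this page, not Seqrite’s code or the malware’s: it parses the PE section table, scores each section’s raw bytes with Shannon entropy, and searches the file for the sandbox indicator string the writeup names. The entropy threshold, the minimal PE-header builder and the three sample sections are assumptions constructed for the demonstration; the builder emits only enough header structure for the parser to walk, not a runnable program.

```python
"""Static triage of a PE file for two traits the writeup describes:
high-entropy (encrypted or packed) sections and an embedded sandbox-detection
string. Added example; threshold and sample inputs are assumptions."""
import math
import random
import struct

# Assumption: Shannon entropy at or above this value (bits per byte, max 8.0)
# is treated as encrypted or compressed data; plain x86 code usually scores lower.
ENTROPY_THRESHOLD = 7.2

# Literal string named in the writeup. sbiedll.dll is the DLL Sandboxie injects
# into sandboxed processes, so a binary that carries the name is likely testing for it.
SANDBOX_INDICATORS = [b"sbiedll.dll"]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return (name, PointerToRawData, SizeOfRawData) for every section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                               # IMAGE_FILE_HEADER starts here
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                      # first IMAGE_SECTION_HEADER (40 bytes each)
    sections = []
    for i in range(num_sections):
        hdr = table + i * 40
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)   # SizeOfRawData, PointerToRawData
        sections.append((name, raw_ptr, raw_size))
    return sections


def triage(pe: bytes) -> dict:
    """Flag sections whose raw bytes look encrypted and any embedded sandbox
    indicator strings; a hit on either marks the file suspicious."""
    report = {"high_entropy_sections": [], "sandbox_indicators": []}
    for name, ptr, size in parse_sections(pe):
        ent = shannon_entropy(pe[ptr:ptr + size])
        if ent >= ENTROPY_THRESHOLD:
            report["high_entropy_sections"].append((name, round(ent, 2)))
    haystack = pe.lower()                             # case-insensitive match (SbieDll.dll, sbiedll.dll, ...)
    for ind in SANDBOX_INDICATORS:
        if ind.lower() in haystack:
            report["sandbox_indicators"].append(ind.decode())
    report["suspicious"] = bool(report["high_entropy_sections"] or report["sandbox_indicators"])
    return report


def build_sample(sections):
    """Constructed test input: a minimal PE-shaped buffer with a valid DOS stub,
    PE signature, COFF header and section table. sections = [(bytes name, bytes data)]."""
    e_lfanew = 0x40
    opt_size = 0                                      # toy sample carries no optional header
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF              # 512-byte file alignment for section data
    buf = bytearray(b"MZ") + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    buf += b"PE\0\0"
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT)
    buf += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    payload = bytearray()
    cur = raw_ptr
    for name, data in sections:
        buf += name.ljust(8, b"\0")[:8]
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs/linenums, Characteristics
        buf += struct.pack("<IIIIIIHHI", len(data), cur, len(data), cur, 0, 0, 0, 0, 0x60000020)
        payload += data
        cur += len(data)
    buf += b"\0" * (raw_ptr - len(buf))
    return bytes(buf + payload)


# Constructed sample content (not taken from any real binary).
_rng = random.Random(2018)
ENCRYPTED_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))   # stands in for the encrypted PE
PLAIN_CODE = b"\x55\x8b\xec\x83\xec\x10" * 400 + b"\xc3"            # repetitive x86-like bytes
STRINGS = b"kernel32.dll\0ExitProcess\0SbieDll.dll\0".ljust(256, b"\0")

SUSPICIOUS_SAMPLE = build_sample([(b".text", PLAIN_CODE), (b".rdata", STRINGS), (b".pkd", ENCRYPTED_BLOB)])
CLEAN_SAMPLE = build_sample([(b".text", PLAIN_CODE), (b".rdata", b"kernel32.dll\0".ljust(256, b"\0"))])

if __name__ == "__main__":
    print(triage(SUSPICIOUS_SAMPLE))
    print(triage(CLEAN_SAMPLE))
```

Run against a real file, `triage(open(path, "rb").read())` reports which sections score above the threshold and whether the sandbox string is present; a packed or encrypted payload typically shows one section near 8.0 bits per byte while code and data sections stay much lower. Entropy alone is not proof of malice (legitimate installers and protected software are packed too), so the script reports the two observations separately and leaves the verdict to the analyst or to a later dynamic stage.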

Seqrite advises enterprises to adopt a multi-layered approach by deploying robust security solutions that protect all endpoints, networks and systems against advanced cyber-threats. It also recommends conducting regular security assessments of the organization’s IT infrastructure, applying updates and patches promptly, and educating employees on the importance of cybersecurity.

About Seqrite:

Seqrite is the enterprise security solutions brand of Quick Heal Technologies Ltd. Launched in 2015, Seqrite solutions are defined by innovation and simplicity. Combining threat intelligence, application analysis and state-of-the-art technology, Seqrite is designed to provide continuous and better protection for enterprise customers.

Seqrite’s portfolio of solutions includes Endpoint Security, Mobile Device Management (MDM), Unified Threat Management (UTM) and data protection technologies such as Encryption and Data Loss Prevention (DLP). In addition, Seqrite Services provides comprehensive cybersecurity consulting services to corporates, PSUs, government and law enforcement agencies.

About Quick Heal Technologies Ltd

Quick Heal Technologies Limited is one of the leading providers of IT security software products and solutions in India. Incorporated in 1995 with a registered office in Pune, Quick Heal had a network of over 22,000 channel partners as of 31 March 2018. It conducts sales and marketing activities across India.

Quick Heal’s portfolio includes solutions under the widely recognized brand names ‘Quick Heal’ and ‘Seqrite’ across various operating systems and devices.

For more information about the Company, please visit our website