
CHIMBORAZO Hackers Deploy The GraceWire Trojan Using New Method

The CHIMBORAZO hacking group, an experienced criminal collective, has devised a new infection method for delivering the GraceWire Trojan. The group is now able to deploy the malware using a technique that can evade automated security analysis.




The GraceWire Trojan Is Delivered With a Novel Technique By The CHIMBORAZO Hackers

The GraceWire Trojan is one of the malware families featured in recent ongoing attacks. The criminal group responsible for the campaign is CHIMBORAZO, which security experts know as an experienced collective. Security reports indicate that the attacks were first detected in early June this year and resurged this week, when newer samples were found. The infection method is still email messages, which may carry spam or phishing content, which means that the criminals can send out messages in bulk.


The messages contain either a redirect link or a malicious HTML attachment which, when opened or accessed by the user, leads to the Trojan deployment page. One of the distinct features of this attack is that the landing page contains a CAPTCHA prompt. This is a novel feature, as such prompts are usually part of legitimate services and online sites. When the CAPTCHA form is validated, a Microsoft Excel document containing malicious macros is loaded. When the document is opened in Excel, a prompt asks the user to enable the scripts. If this is done, the Trojan is downloaded from a remote server and run on the local computer.
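Because the CAPTCHA step sits between the email and the workbook, defenders can check the two ends of the chain instead: HTML attachments at the mail gateway and workbooks arriving from the web. The following is an added example, not code from the original report; the redirect patterns, function names and sample data are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed heuristic: common ways an HTML file sends the browser to another page.
REDIRECT_RE = re.compile(
    r"http-equiv\s*=\s*[\"']?refresh|location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\(",
    re.IGNORECASE)

def html_attachments_that_redirect(raw_email: bytes) -> list[str]:
    """Mail-gateway check: names of HTML attachments containing a redirect."""
    hits = []
    for part in message_from_bytes(raw_email, policy=policy.default).walk():
        name = (part.get_filename() or "").lower()
        is_html = part.get_content_type() == "text/html" or name.endswith((".htm", ".html"))
        if part.get_content_disposition() == "attachment" and is_html:
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if REDIRECT_RE.search(body):
                hits.append(name)
    return hits

def workbook_has_macros(data: bytes) -> bool:
    """Download check: True if an OOXML workbook (a ZIP) carries a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False  # legacy .xls (OLE2) is not a ZIP and needs a separate parser

def sample_email(html: str) -> bytes:
    """Constructed message with one HTML attachment (not a real sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content("Please see the attached document.")
    m.add_attachment(html, subtype="html", filename="Invoice.html")
    return m.as_bytes()

def sample_workbook(with_macros: bool) -> bytes:
    """Constructed ZIP with the part names of a workbook (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            z.writestr("xl/vbaProject.bin", b"\x00")
    return buf.getvalue()

if __name__ == "__main__":
    print(html_attachments_that_redirect(sample_email(
        '<script>window.location.href="https://landing.example/"</script>')))
    print(workbook_has_macros(sample_workbook(True)))
```

A hit from either check is a reason to quarantine and review, not proof of GraceWire; legitimate HTML and macro-enabled workbooks will also match.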

GraceWire is an advanced Trojan that was first detected in January 2020. Back then it was delivered using the Necurs botnet, a long-used tool of criminal groups. It is capable not only of taking over control of victim machines, but also of hijacking user information and deploying additional viruses. GraceWire can also be programmed to manipulate sensitive configuration files, leading to sabotage and severe performance issues.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
