PsiXBot Malware Attacks With a Dangerous Sextortion Module

The PsiXBot malware is an advanced threat that contains several dangerous modules that set it apart from similar malware. Among them is a sextortion blackmail component that can be very effective against its intended victims. The security analysis of the captured samples shows that it is distributed via several high-impact campaigns, including the Spelevo Exploit Kit.




Sextortion Campaigns Launched By PsiXBot Malware

The PsiXBot malware is a very dangerous threat in an ongoing campaign run by an unknown hacking group. They are using an updated version of the malware engine and a sophisticated infection technique. A large part of the attacks are performed using the Spelevo Exploit Kit. This is a hacking tool that allows the hackers to coordinate mass e-mail based campaigns and the creation of fake phishing sites.


What’s dangerous about this particular threat is that the newer versions resolve DNS names over a secure HTTPS connection (DNS over HTTPS). This means that the local client module will safeguard its connection and impersonate safe traffic, which makes running infections significantly harder to detect. The addresses of the command and control servers are hardcoded in the samples and encoded using a special algorithm. In order not to raise suspicion, the servers are not probed with a network “ping”, the most common technique used to check whether a server is operating. As soon as the infection is complete and the connection to the hacker-controlled server is established, the local client allows the remote attackers to trigger the available modules. In the last few versions the following have been found:

Download and Execution, Execute, Get Installed Software, Get Outlook Credentials, Get List of Running Processes, Get Stealler Cookies, Get Stealler Passwords, Self-Deletion, Start Complex Module, Start Cryptocurrency Module, Start FG Module, Start Keylogger, Start New Complex Module, Start Porn Module and the Start Scheduler Module.

The Porn Module is a specially designed component that monitors the user's activity to see whether they are accessing any porn-related sites or content. This is done by comparing the user's activity against a built-in dictionary of terms. A match triggers recording of the user (both audio and video). The collected data is sent to the hackers. With the material available, the criminals blackmail the victims for financial gain.

These attacks are rated as very dangerous and all computer users are urged to protect themselves by employing advanced anti-malware solutions.
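One way to look for the DNS-over-HTTPS behaviour described above is to flag DoH resolver connections that come from processes other than an approved browser. This is an added example, not code from the original article or from any analysis of the samples; the log format, the resolver list and the browser allowlist are assumptions, and the events are constructed.

```python
# Added example: flag DNS-over-HTTPS lookups made by unexpected processes.
DOH_HOSTS = {  # illustrative, non-exhaustive list of public DoH resolvers
    "dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com",
    "dns.quad9.net", "doh.opendns.com",
}
# Assumption: only these browsers, from a protected install path, may use DoH.
ALLOWED_NAMES = {"chrome.exe", "firefox.exe", "msedge.exe"}
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed events: timestamp, hostname, process image, destination, port.
SAMPLE_EVENTS = r"""
2019-09-10T08:01:12Z WS-014 C:\Program Files\Mozilla Firefox\firefox.exe mozilla.cloudflare-dns.com 443
2019-09-10T08:01:40Z WS-014 C:\Users\alice\AppData\Roaming\svc\updater.exe dns.google 443
2019-09-10T08:02:05Z WS-022 C:\Program Files\Google\Chrome\Application\chrome.exe dns.google 443
2019-09-10T08:03:27Z WS-022 C:\Users\bob\AppData\Local\Temp\chrome.exe cloudflare-dns.com 443
2019-09-10T08:04:02Z WS-031 C:\Windows\System32\svchost.exe example.org 443
"""

def parse_event(line):
    """Split one event; the image path may contain spaces, so split from both ends."""
    ts, host, rest = line.split(" ", 2)
    image, dest, port = rest.rsplit(" ", 2)
    return ts, host, image, dest.lower().rstrip("."), int(port)

def is_expected_client(image):
    """A browser name only counts when it runs from a trusted install directory."""
    path = image.lower()
    name = path.rsplit("\\", 1)[-1]
    return name in ALLOWED_NAMES and path.startswith(TRUSTED_PREFIXES)

def find_unexpected_doh(log_text):
    """Return (host, image, destination) for DoH traffic from unexpected processes."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, host, image, dest, port = parse_event(line)
        if port == 443 and dest in DOH_HOSTS and not is_expected_client(image):
            findings.append((host, image, dest))
    return findings

if __name__ == "__main__":
    for host, image, dest in find_unexpected_doh(SAMPLE_EVENTS):
        print(f"{host}: {image} resolved names via {dest}")
```

The second flagged event shows why the process name alone is not enough: a binary named chrome.exe running from a temporary directory is treated as unexpected.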


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
