Saturday, 3 September 2016

Betabot Trojan Steals Your Passwords and Installs Ransomware to Monetize



Betabot was delivered by the Neutrino Exploit Kit. The IP used for both Betabot and Cerber is 93[.]174.91.49. A VirusTotal report on this IP provides additional details. The screenshot below highlights the multiple filenames used between Betabot and Cerber, as Invincea described in its blog.
Server IP used to download Betabot and Cerber malware

As the image shows, the filenames seen with the Betabot weaponized documents are bb.exe (bb denoting Betabot), bbcrypt.exe, and diablo.exe.
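The indicators above (the shared server IP and the three filenames) can be checked against web proxy logs. The following is an added example, not code from this post or from Invincea; the five-field log format, the function names and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators taken from the article; the IP is kept defanged as published.
IOC_IP_DEFANGED = "93[.]174.91.49"
IOC_FILENAMES = {"bb.exe", "bbcrypt.exe", "diablo.exe"}


def refang(indicator: str) -> str:
    """Turn a defanged indicator (93[.]174..., hxxp://) into matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def scan_proxy_log(lines):
    """Return (client_ip, url, reasons) for each request matching an indicator.

    Assumed log format (constructed for this example):
    <timestamp> <client_ip> <dest_ip> <method> <url>
    """
    ioc_ip = refang(IOC_IP_DEFANGED)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated records
        _, client, dest, _, url = fields
        # Compare only the last path segment, ignoring case and query strings.
        name = urlsplit(refang(url)).path.rsplit("/", 1)[-1].lower()
        reasons = []
        if dest == ioc_ip:
            reasons.append("ioc_ip")
        if name in IOC_FILENAMES:
            reasons.append("ioc_filename")
        if reasons:
            hits.append((client, url, reasons))
    return hits


# Constructed sample records, not taken from a real capture.
_IP = refang(IOC_IP_DEFANGED)
SAMPLE_LOG = [
    f"2016-09-01T10:02:11Z 10.0.0.21 {_IP} GET http://{_IP}/bb.exe",
    f"2016-09-01T10:02:40Z 10.0.0.21 {_IP} GET http://{_IP}/files/BBcrypt.EXE?id=7",
    "2016-09-01T10:03:05Z 10.0.0.35 198.51.100.7 GET http://example.test/diablo.exe",
    "2016-09-01T10:03:09Z 10.0.0.35 198.51.100.7 GET http://example.test/bb.exe.txt",
    "2016-09-01T10:04:00Z truncated-record",
]

if __name__ == "__main__":
    for client, url, reasons in scan_proxy_log(SAMPLE_LOG):
        print(client, url, ",".join(reasons))
```

A filename match without the IP match is a weaker signal, since names such as bb.exe are not unique to this campaign; a client that matches on both is the one to triage first.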

How does this attack work?

Betabot spreads through spam emails that carry a file attachment: a Word file containing malicious macro scripts. If the user enables macro support in Microsoft Office, the scripts automatically download and install Betabot to infect the computer. It then scrapes all passwords stored in all local browsers.

According to the Invincea report, cyber attackers are maximizing the profits from an endpoint compromise, earning a much larger payout by using multiple attack techniques.

Conclusion:

  • Never open unknown file attachments in email.
  • Beware of social engineering attacks.

3 comments:

  1. This comment has been removed by the author.

  2. Their motivation is to serve as an update that there are not kidding issues happening in your framework while a specific program is being "run". This is frequently because of the way that there is a ton of programming present on your PC registry the PC can't work at ideal levels in light of the fact that these projects are clashing with each other bringing about runtime blunders. https://how-to-remove.org/malware/flooders-removal/
