A major Trojan-horse malware family has returned with a new type of payload that seeks to use affected systems as part of an advertising scam.
Nemucod, the most active single Trojan horse so far this year, was previously used in several large spam campaigns to deploy ransomware variants including Locky and TeslaCrypt, according to IT security firm ESET.
Trojans are so called because they use a seemingly harmless file to deliver a malicious payload.
Nemucod has now returned and is delivering a backdoor called Kovter. Backdoors install a tool that allows attackers to remotely control a system without the user’s knowledge.
“The variant analyzed by ESET researchers has been enhanced by ad-clicking capability delivered via an embedded browser,” ESET said in an advisory. “The Trojan can activate as many as 30 separate threads, each visiting websites and clicking on ads.”
The backdoor monitors system performance, and when the computer is idle it allocates more processor resources to its ad-clicking tools.
Like previous Nemucod variants, the malware arrives as a ZIP email attachment pretending to be an invoice and containing a malicious executable JavaScript file.
ESET recommended users set their systems to display filename extensions so that executables do not appear to be documents.
Email scanning tools can also help block such malware, ESET said.
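The kind of check an email scanning tool can apply to the delivery method described above, shown as an added example that is not from ESET or the original article: it opens each ZIP attachment and flags script members, noting those that hide behind a document-style extension. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of extensions Windows Script Host or mshta runs on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Assumed decoy extensions that make a script look like a document.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

def _exts(name):
    """Last two lower-cased extensions of a member name, e.g. ['.pdf', '.js']."""
    parts = name.lower().replace("\\", "/").rsplit("/", 1)[-1].split(".")
    return ["." + p for p in parts[1:]][-2:]

def scan_zip(data):
    """Return (member, reason) findings for one ZIP payload given as bytes."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                exts = _exts(name)
                if exts and exts[-1] in SCRIPT_EXTS:
                    decoy = len(exts) == 2 and exts[0] in DECOY_EXTS
                    findings.append((name, "script with decoy extension" if decoy else "script in archive"))
    except zipfile.BadZipFile:
        findings.append(("<archive>", "unreadable ZIP"))
    return findings

def scan_message(raw):
    """Scan every ZIP attachment of a raw RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            results[name] = scan_zip(part.get_content())
    return results

def build_sample():
    """Constructed sample: an 'invoice' ZIP holding a harmless comment-only .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0001.pdf.js", "// constructed placeholder\n")
        zf.writestr("readme.txt", "constructed sample\n")
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the `.pdf.js` member and ignores `readme.txt`; a mail gateway would quarantine or strip any attachment with a non-empty findings list.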
The rapid spread of ransomware infections has been driven by the promise of quick profits, according to researchers.
Advertising revenues, besides forming another draw for malware developers, also underlie the spread of nuisance software, in which users are tricked into installing unwanted programs through bundling or misleading advertisements, according to recent research by Google.
A recent study by BT and KPMG found that computer criminals now often operate as well-organised, profit-motivated businesses, with human resources departments and large research and development budgets.
The study warned that such criminal organisations are engaged in an “arms race” with mainstream groups.