#SquirtDanger – a new malicious member in The malware family- intended to Loot and Steal.

Aug 10 , 2018 7 min read 1530 Views 4 Likes 0 Comments

Perpetually, malware is a bugbear for the embedded web world. It's been upsurging rapidly. Numerous creators are working backend to develop destructive digital armaments. Apart from the existing alarming malware targeting to loot the users as well as the businesses, new and lethal members are joining the lineup.

SquirtDanger is a new join in the malware community. Typically meant for looting the user data and information. Especially, it is a treat for the virtual wallets. SquirtDanger is developed on the DLL platform. It is crafted by the copious Russian malware scribers “TheBottle”, reportedly.

The infamous malware developer “TheBottle” are diligently working further developing new members in their family. Odysseus project, Evrial, Ovidiu Stealer are few on the list.

SquirtDanger born and brought up in commodity botnet malware community, SquirtDanger is armed with numerous peculiarities as well.

Take screenshots
Delete malware
Send file
Clear browser cookies
List processes
Kill process
List drives
Get directory information
Download file
Upload file
Delete file
Steal wallets
Steal browser passwords
Swap identified wallets in the victim’s clipboard
Execute file

SquirtDanger is framed with C# sharp programme with layers of embedded codes. It communicates through the 119 exclusive C2 servers and sends the data to the desired location. Once the programme has been installed and starts the function as effectuated from the exact location, it creates a new mutex to ensure only one malware is running at a time. The investigators dig out two mutexes predominantly on all samples, named as, Aweasome, DentiBotnet.

It is packed with all sort of equipment to unlock the secure vaults. In addition, it steals the passwords from the browser storage as well.

A set of researchers in PaloAlto networks endeavored to extract the root through numerous modes. Later, analysis on 400 SquirtDanger they pulled out embedded identifier. They found it's been placed in GitHub respiratory.

Subsequently on further investigation, found a group of cyber outlaws helping mutually to develop malicious codes, attacks, and trading botnets and malware from Russia. A group of 900 persons are aiding each other to break the cyber tranquility, reported by a Telegram channel. Moreover, few copious actors are also suspicious in developing and selling malware then underground market.