#SquirtDanger – a new malicious member in The malware family- intended to Loot and Steal.

TOPICS :   Cyber Security
Aug 10 , 2018 7 min read 1665 Views Likes 0 Comments
#SquirtDanger – a new malicious member in The malware family- intended to Loot and Steal.

Perpetually, malware is a bugbear for the embedded web world. It's been upsurging rapidly. Numerous creators are working backend to develop destructive digital armaments. Apart from the existing alarming malware targeting to loot the users as well as the businesses, new and lethal members are joining the lineup.

SquirtDanger is a new join in the malware community. Typically meant for looting the user data and information. Especially, it is a treat for the virtual wallets. SquirtDanger is developed on the DLL platform. It is crafted by the copious Russian malware scribers “TheBottle”, reportedly.

The infamous malware developer “TheBottle” are diligently working further developing new members in their family. Odysseus project, Evrial, Ovidiu Stealer are few on the list.

SquirtDanger born and brought up in commodity botnet malware community, SquirtDanger is armed with numerous peculiarities as well.

  • Take screenshots
  • Delete malware
  • Send file
  • Clear browser cookies
  • List processes
  • Kill process
  • List drives
  • Get directory information
  • Download file
  • Upload file
  • Delete file
  • Steal wallets
  • Steal browser passwords
  • Swap identified wallets in the victim’s clipboard
  • Execute file

SquirtDanger is framed with C# sharp programme with layers of embedded codes. It communicates through the 119 exclusive C2 servers and sends the data to the desired location. Once the programme has been installed and starts the function as effectuated from the exact location, it creates a new mutex to ensure only one malware is running at a time. The investigators dig out two mutexes predominantly on all samples, named as, Aweasome, DentiBotnet.

 It is packed with all sort of equipment to unlock the secure vaults. In addition, it steals the passwords from the browser storage as well.

A set of researchers in PaloAlto networks endeavored to extract the root through numerous modes. Later, analysis on 400 SquirtDanger they pulled out embedded identifier. They found it's been placed in GitHub respiratory.

Subsequently on further investigation, found a group of cyber outlaws helping mutually to develop malicious codes, attacks, and trading botnets and malware from Russia. A group of 900 persons are aiding each other to break the cyber tranquility, reported by a Telegram channel. Moreover, few copious actors are also suspicious in developing and selling malware then underground market.


More In Cyber Security