Phoenix keylogger is able to disable over 80 security products

Tomcat

Cybereason specialists have studied the Phoenix malware, which appeared this summer and is a hybrid of a keylogger and an info-stealer. The malware is distributed under the MaaS (malware-as-a-service) model and is already responsible for 10,000 infections.

Phoenix is sold as a subscription product, with prices ranging from $14.99 per month to $78.99 for a lifetime subscription.


Phoenix Control Panel

Cybereason analysts write that Phoenix is the work of an experienced malware writer. Apparently, it was originally created by the author of the Alpha Keylogger malware, who died earlier this year.

Over the past few months, Phoenix has evolved from a simple keylogger into a multifunctional info-stealing Trojan. While the first versions only intercepted keystrokes, newer versions steal passwords from nearly twenty different browsers, four email clients, FTP clients and instant messengers. In addition, the malware can steal clipboard contents, take screenshots, and download additional malware.

Information stolen from victims is transmitted to the malware operators via SMTP, FTP or Telegram.

Phoenix has also gained aggressive anti-AV and anti-VM modules that try to hinder detection and analysis. Both modules work the same way: before the malware continues its work, they walk a predefined list of process names and try to terminate every running process that matches. The list includes the names of over 80 well-known security products and virtual-machine and analysis tools commonly used for reverse engineering and malware analysis.
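From the defender's side, the behaviour described above (one process killing many watch-listed security or analysis processes in quick succession) is a strong detection signal. The following is an added example, not code from the article or from Phoenix: a small Python detector run over constructed EDR-style termination telemetry, with a constructed watch-list of placeholder process names and a hypothetical actor name.

```python
"""Flag an anti-AV kill burst: one actor process terminating several
watch-listed processes within a short time window.
Added example; the log format, process names and watch-list are constructed."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed watch-list of placeholder names standing in for the security
# products and analysis tools a malware kill-list would target.
WATCHLIST = {"avscanner.exe", "edragent.exe", "vmtools.exe",
             "procmon.exe", "debugger.exe"}

# Constructed telemetry: who terminated which process, and when.
SAMPLE_LOG = """\
{"ts": "2019-11-20T10:00:00", "actor": "phoenix.exe", "pid": 4120, "target": "avscanner.exe"}
{"ts": "2019-11-20T10:00:00", "actor": "phoenix.exe", "pid": 4120, "target": "edragent.exe"}
{"ts": "2019-11-20T10:00:01", "actor": "phoenix.exe", "pid": 4120, "target": "vmtools.exe"}
{"ts": "2019-11-20T10:00:01", "actor": "phoenix.exe", "pid": 4120, "target": "notepad.exe"}
{"ts": "2019-11-20T10:00:01", "actor": "phoenix.exe", "pid": 4120, "target": "procmon.exe"}
{"ts": "2019-11-20T10:05:00", "actor": "taskmgr.exe", "pid": 900, "target": "avscanner.exe"}
{"ts": "2019-11-20T11:00:00", "actor": "taskmgr.exe", "pid": 900, "target": "debugger.exe"}
"""


def detect_kill_bursts(log_text, watchlist=WATCHLIST, threshold=3, window_s=10):
    """Return [(actor, pid, sorted_targets)] for every actor that terminates at
    least `threshold` distinct watch-listed processes within `window_s` seconds.
    An admin closing one AV process by hand stays below the threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        e = json.loads(line)
        target = e["target"].lower()
        if target in watchlist:  # ignore terminations of unrelated processes
            events[(e["actor"], e["pid"])].append(
                (datetime.fromisoformat(e["ts"]), target))
    alerts = []
    for (actor, pid), hits in events.items():
        hits.sort()  # time-ordered so the window can slide forward
        for i, (t0, _) in enumerate(hits):
            seen = {name for t, name in hits[i:]
                    if t - t0 <= timedelta(seconds=window_s)}
            if len(seen) >= threshold:
                alerts.append((actor, pid, sorted(seen)))
                break  # one alert per actor is enough
    return alerts


if __name__ == "__main__":
    for actor, pid, targets in detect_kill_bursts(SAMPLE_LOG):
        print(f"ALERT kill burst by {actor} (pid {pid}): {', '.join(targets)}")
```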

Analysts point out that Phoenix could use its capabilities to establish a persistent presence on the system, but its operators show little interest in doing so. According to the researchers, the malware is more often used as a one-off tool for data theft rather than for long-term monitoring of victims. Within seconds of infection, Phoenix steals all the confidential data it is after, and at that point its job is done. The information stolen this way is most often sold by criminals on the darknet.

(c) xakep.ru