EvilGrab
Posted: September 20, 2013
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 2/10 |
| Infected PCs | 62 |
| First Seen | September 20, 2013 |
| OS(es) Affected | Windows |
EvilGrab is a backdoor Trojan currently being deployed particularly against Chinese and Japanese government institutions. The Chinese victims are the more interesting of the two, since many similar attacks have been theorized to be linked to the Chinese government itself. While EvilGrab includes some advanced and innovative features, such as the ability to inject itself into the memory of some anti-virus processes, its primary goals and functions are typical of its kind of attack campaign: the theft of confidential information by any of several methods. SpywareRemove.com malware experts warn that audio, video and text-based data are all at risk from EvilGrab attacks and that only the best anti-malware software should be used to find and delete EvilGrab from an affected PC.
EvilGrab: a Fitting Name for Another Espionage Trojan
EvilGrab is a backdoor Trojan that includes many different functions for grabbing your confidential information. However, most PC users aren't in a position to encounter EvilGrab – which is part of an attack campaign that currently appears to be targeting government systems exclusively. While China and Japan are by far the most affected by EvilGrab's attacks, EvilGrab also has been seen far abroad from Asia in other nations like Canada or South Africa.
SpywareRemove.com malware experts usually have found that backdoor Trojans of EvilGrab's ilk use e-mail messages to distribute themselves, and EvilGrab is another example of that infection vector. The messages usually are disguised as communications from legitimate sources, and opening the attached file as requested may infect the target PC with EvilGrab. It also should be noted that many versions of EvilGrab may delete their original installers as part of their concealment strategy, which also involves injecting malicious code into the memory of various unrelated processes.
EvilGrab includes many of the usual spyware attacks that SpywareRemove.com malware researchers are well familiar with, such as:
- Keylogging, i.e. recording your typed information to a text file.
- Capturing screenshots.
- Stealing information from social networking programs like Tencent QQ.
- Stealing information from major Web browsers (Internet Explorer) or e-mail clients (Microsoft Outlook).
- Capturing video data with Microsoft's DirectShow features. Wave API similarly is used to grab audio-based information.
Swatting the Grasp of EvilGrab Away from Your Government
EvilGrab components often are detected under aliases including BKDR_HGDER, BKDR_NVICM and BKDR_EVILOGE, and usually use DLL file formats as part of their disguises. To detect and remove all components of EvilGrab accurately, SpywareRemove.com malware researchers recommend using updated anti-malware software, preferably software that isn't from one of the brands that EvilGrab targets in its injection attacks.
Because the e-mail attacks that install EvilGrab usually rely on Microsoft Excel, Word or Adobe PDF exploits, avoiding the use of the software those exploits target may provide some protection from EvilGrab infections. SpywareRemove.com malware researchers also recommend scanning any suspicious attachment before opening it, as an easy safeguard against EvilGrab installers.
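The "scan attachments before opening them" advice above can be turned into a small mail-gateway triage step. The following Python script is an added example written for this page; it is not SpywareRemove.com's or any vendor's code, and the sample message it parses is constructed inline (it is not a real EvilGrab lure). It pulls every attachment out of an .eml, holds back the document types the text names as exploit carriers (Excel, Word, PDF), checks the file's leading bytes against its claimed extension so that an executable renamed to .pdf does not slip through, and records a SHA-256 so each held file can be submitted to the scanner of your choice.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Document types the page names as EvilGrab's preferred carriers.
RISKY_EXTENSIONS = {".xls", ".xlsx", ".doc", ".docx", ".pdf"}

# Leading bytes used to sanity-check that a file is what its name claims
# (a Windows executable renamed to .pdf still starts with "MZ").
MAGIC = {
    b"%PDF": "pdf",
    b"PK\x03\x04": "office-ooxml-or-zip",
    b"\xd0\xcf\x11\xe0": "office-ole",
    b"MZ": "windows-executable",
}


def sniff(data: bytes) -> str:
    """Classify a blob by its first bytes; 'unknown' if no signature matches."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    return "unknown"


def triage_attachments(raw_eml: bytes) -> list[dict]:
    """Return one record per attachment, flagging those to hold for scanning."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        kind = sniff(data)
        reasons = []
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"{ext} documents are a known exploit carrier; scan before opening")
        if kind == "windows-executable":
            reasons.append("content is a Windows executable regardless of its name")
        elif ext == ".pdf" and kind not in ("pdf", "unknown"):
            reasons.append(f"extension .pdf does not match content ({kind})")
        results.append({
            "filename": name,
            "declared_type": part.get_content_type(),
            "sniffed": kind,
            "sha256": hashlib.sha256(data).hexdigest(),  # submit this to your scanner
            "hold_for_scan": bool(reasons),
            "reasons": reasons,
        })
    return results


def build_sample_eml() -> bytes:
    """Constructed sample message (hypothetical addresses, fake attachment bodies)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "analyst@example.invalid"
    msg["Subject"] = "Meeting agenda (constructed sample)"
    msg.set_content("Please see attached.")
    # A plausible-looking Office document (zip signature only, no real content).
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 32, maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="agenda.docx")
    # An executable masquerading as a PDF.
    msg.add_attachment(b"MZ" + b"\x90" * 32, maintype="application",
                       subtype="pdf", filename="report.pdf")
    # A harmless text attachment that should pass.
    msg.add_attachment("hello\n", filename="notes.txt")
    return bytes(msg)


if __name__ == "__main__":
    for record in triage_attachments(build_sample_eml()):
        status = "HOLD" if record["hold_for_scan"] else "pass"
        print(f"{status:4} {record['filename']:12} {record['sniffed']:22} {record['sha256'][:16]}...")
        for reason in record["reasons"]:
            print(f"       - {reason}")
```

Run it against a real .eml by replacing `build_sample_eml()` with the bytes read from the file. The extension list and magic table are deliberately short; extend them to whatever document types your own gateway policy treats as needing a scan before delivery.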