Gazer
Posted: August 31, 2017
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 12 |
| First Seen: | August 31, 2017 |
| Last Seen: | September 23, 2020 |
| OS(es) Affected: | Windows |
Gazer is a backdoor Trojan typically used against diplomatic embassies for different governments around the world, but focusing on Europe. It may upload sensitive data from a compromised machine under various means of concealment, as well as issue other system changes, based on its remote attackers' instructions. Since this high-level threat will show minimal, if any, symptoms during its attacks, all PC users can protect themselves only with anti-malware protection capable of removing Gazer automatically.
Third Time's the Charm with the Gaze of Computer Espionage
Turla APT, Russia's highly active and experienced group of remote attackers focused on backdoor campaigns, is updating its attacks with a new centerpiece Trojan. Previous attacks from these con artists deployed such threatening software as Carbon and Kazuar, but recent efforts are switching to the new Gazer. This backdoor Trojan appears primed to replace the former two threats in functionality and includes advanced means of collecting data, granting remote control to its admins, and obfuscating its presence.
Gazer is compromising targets primarily in the diplomatic branches of governments belonging to Europe and ex-Soviet Union members. As usual, malware analysts can verify that email messages, designed with content for the targets in question, are the infection vectors luring victims into infecting their PCs. Gazer is the second threat that deploys after an initial one, Skipper, which serves as a Trojan dropper currently, although it also has some independent, backdoor functions. Because Gazer relies on memory injection and network encryption features heavily, it's highly resilient against casual detection and also may evade various, outdated security solutions.
While Gazer's threat actors don't use this Trojan to accomplish any of the traditional 'botnet' style mass attacks, they can exploit the resources of other compromised systems in the network to forward commands from a Command & Control server to an infected machine. Besides issuing general commands, as per most backdoor Trojans, Gazer also sees significant use as an information exfiltration tool that encrypts and uploads data from the target machine to a con artist-controlled server. The attackers built the actual C&C network primarily from hacked websites, mostly running WordPress, that act as proxies.
Staring Unblinking Back at the Eye of a Spy Warfare
PC users within the targeted sectors of government can defend themselves by running scans on any questionable email attachments they receive and by avoiding clicking on suspicious hyperlinks. Infection vectors dropping Gazer may include content designed explicitly for its pertinence to the targeted user. When running, Gazer conceals its presence within the process of another program such as 'explorer.exe.' Its file also may misidentify itself with a code-signing certificate misappropriated from a legitimate entity; malware experts can verify separate Gazer attacks using certificates for both 'Ultimate Computer Support Ltd' and 'Solid Loop Ltd,' both validated by Comodo.
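One defensive check a Windows administrator can derive from the signing detail above is a sweep of on-disk executables for signatures whose subject matches the two organisation names the article associates with Gazer samples. The following PowerShell is an added example, not code from the original article or from any vendor; the scan roots, the report path and the `Test-WatchlistedSigner` function name are assumptions, and a matching signer is a lead to investigate, not proof of infection.

```powershell
# Added example (not from the original article). Sweeps assumed directories for
# Authenticode-signed binaries whose signer subject contains an organisation name
# the article links to Gazer samples. Adjust $ScanRoots for your environment.
$SignerWatchlist = @(
    'Ultimate Computer Support Ltd',   # named in the article
    'Solid Loop Ltd'                   # named in the article
)
$ScanRoots  = @("$env:ProgramData", "$env:LOCALAPPDATA", "$env:TEMP")  # assumed locations
$ReportPath = Join-Path $env:TEMP 'gazer-signer-sweep.csv'               # assumed output path

function Test-WatchlistedSigner {
    # Returns a record when the file is signed by a watchlisted organisation, else $null.
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
    if (-not $sig -or -not $sig.SignerCertificate) { return $null }
    $subject = $sig.SignerCertificate.Subject
    foreach ($org in $SignerWatchlist) {
        if ($subject -like "*$org*") {
            return [pscustomobject]@{
                Path       = $Path
                Matched    = $org
                Subject    = $subject
                Issuer     = $sig.SignerCertificate.Issuer      # article: validated by Comodo
                Thumbprint = $sig.SignerCertificate.Thumbprint
                Status     = $sig.Status                        # Valid, HashMismatch, ...
            }
        }
    }
    return $null
}

$hits = foreach ($root in $ScanRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        ForEach-Object { Test-WatchlistedSigner -Path $_.FullName }
}
$hits = @($hits | Where-Object { $_ })

if ($hits.Count -gt 0) {
    $hits | Export-Csv -Path $ReportPath -NoTypeInformation
    $hits | Format-Table Path, Matched, Status, Thumbprint -AutoSize
    Write-Warning "$($hits.Count) file(s) signed by a watchlisted organisation; details in $ReportPath"
} else {
    Write-Output "No executables signed by a watchlisted organisation under: $($ScanRoots -join ', ')"
}
```

Because the article notes that Gazer hides inside another process such as explorer.exe, a file-system sweep alone will not see an injected, memory-only copy; pair it with a scanner that inspects running processes.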
Gazer includes multiple kinds of stealth features and is already noted for its long-term persistence on a compromised machine. Scan your PCs with anti-malware products regularly to identify and remove Gazer, as needed. Until otherwise determined, users also should presume that any confidential information on the PC is potentially in the ownership of the Turla hacker organization.
Gazer has few weaknesses in its programming, but even the most advanced Trojan campaigns rely on traditional infection methods to reach a PC. Failing to vet your email inbox is never wise, and it is especially dangerous for PC users working in a field as contentious as international diplomacy.