Megumin Trojan
The Megumin Trojan is a cyber-threat that has been sold on underground hacking forums since early 2018. However, it never gained much popularity until recently – apparently, the spike in the Megumin Trojan’s popularity coincided with the release of an updated version of this threat. The new version is also written in C++, and it packs an interesting list of features that would allow its operator to steal clipboard data, execute Distributed-Denial-of-Service (DDoS) attacks, mine for cryptocurrency, execute DOS commands, load other files onto the compromised system and collect files from victims.
The authors of the Megumin Trojan have implemented some basic checks to reduce the chances that the Trojan will be run in a debugging environment, therefore making it more difficult for malware researchers to dissect and examine it slightly. Upon launch, the Megumin Trojan may check the titles of currently opened Windows to look for commonly used malware debugging tools – IDA, OllyDbg, ImmunityDebugger, Wireshark, HTTP Analyzer and others. In addition to this, it checks a specific field of data in the Process Environment Block that may give out the presence of a debugging environment.
The Megumin Trojan acquires persistence by creating a scheduled Windows task, as well as by modifying the Windows Registry. The remote attacker can control it with the use of a series of commands that allow them to take advantage of all of the Megumin Trojan’s features.
The ability to run miners on infected computers and collect/replace clipboard data certainly seems like the features with the biggest potential – the Megumin Trojan supports AMD and NVIDIA GPU mining, as well as CPU mining. It can monitor the clipboard for wallets linked to a broad range of cryptocurrencies, and replace the wallet with the one configured by the attacker. Last but not least, the ‘Clipper’ module of the Megumin Trojan also is used to modify transactions linked to QIWI, Ya.money, Ya.disk, VK.cc and Steam.
The rich list of features and the convenient online control panel turns the Megumin Trojan into a threat to be very wary of, especially since any criminal with some money in their pocket can start using it. We advise you to take the required steps to eliminate security risks, as well as to install a suitable anti-virus software suite that will keep you safe from potentially harmful files and connections.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.