
Mousetrap Trojan

Posted: March 22, 2012

Threat Metric

Threat Level: 8/10
Infected PCs: 316
First Seen: March 22, 2012
Last Seen: August 2, 2021
OS(es) Affected: Windows

The Mousetrap Trojan is a Trojan disguised as a fake Flash update, and is one of several PC threats used to distribute multiple types of banker Trojans. Because Mousetrap Trojan is inserted into websites in the form of malicious Java applets, it can be hosted on innocent websites that have been hacked as well as on intentionally harmful sites. Symptoms of Mousetrap Trojan's actions are essentially nonexistent, since Mousetrap Trojan limits its attacks to installing a second Trojan that, in turn, installs a banking Trojan and then deletes itself. The banking Trojan is selected from one of a dozen hard-coded possibilities, but will always try to clandestinely steal bank-related information, such as your bank account password. SpywareRemove.com malware experts note the importance of avoiding suspicious Flash updates, since avoiding Mousetrap Trojan's delivery method is noticeably easier than deleting the banking Trojan that Mousetrap Trojan helps to install onto your PC. If you think you have been infected by a Mousetrap Trojan-related Trojan, it's recommended that you disinfect your PC with a qualified anti-malware program and speak to your bank about further security measures.

Mousetrap Trojan – Just the Humble Start of a Series of Disasters for Your PC's Privacy

The Mousetrap Trojan is distributed through various sites while disguised to look like yet another Flash update from Adobe. However, the Mousetrap Trojan is actually written in Java and, hence, can be avoided completely if you disable Java or don't have it installed on your PC. SpywareRemove.com malware researchers note that selectively disabling Java is a feature of most popular web browsers and that many anti-malware programs possess additional features that can detect unauthorized downloads and malicious software like the Mousetrap Trojan.

If you try to install the Mousetrap Trojan's fake update, instead of getting a new version of Flash, you'll wind up with another Trojan. This Trojan downloader is designed to install one of multiple types of banking Trojans and then remove itself to avoid potential detection. SpywareRemove.com malware analysts have found that although the list of banking Trojans is hard-coded, these Trojans are able to update themselves from various servers and may not be detectable unless your anti-malware programs are, likewise, updated. Mousetrap Trojans are identified by the label Trojan.Downloader.Java.OpenConnection.BA, while the temporary Trojan bears the name Trojan.Generic.KD.218227.

Sparing Your Bank Account from the Sting of the Mousetrap Trojan

The eventual payload that Mousetrap Trojan is designed to sneak onto your computer involves attacks that can steal personal information directly from your bank account – this can include injecting spyware code into normal bank sites or redirecting you to phishing sites that are designed to resemble legitimate websites. Due to the negligible symptoms banking Trojans create, SpywareRemove.com malware experts suggest that you avoid entering personal information on your PC until you're certain that your anti-malware products have completely deleted all traces of the Mousetrap Trojan's banking Trojan.

After you've removed the Trojan in question, you may also want to contact your bank for further advice on how to protect your bank account. If any information is stolen from your PC prior to the Trojan's deletion, your account can still be targeted by attacks from Mousetrap Trojan's hacker partners.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



C:\Users\<username>\AppData\Roaming\37cd4b27d0fdba7a6001bd8c6f8cbd08bc0805a532e861be7aa3af288af0fc4b.js
File name: 37cd4b27d0fdba7a6001bd8c6f8cbd08bc0805a532e861be7aa3af288af0fc4b.js
Size: 106.64 KB (106643 bytes)
MD5: 0734d82c472d619bb304954fe29b569c
Detection count: 33
File type: JavaScript file
Mime Type: unknown/js
Path: C:\Users\<username>\AppData\Roaming
Group: Malware file
Last Updated: August 27, 2020

C:\Users\<username>\AppData\Roaming\LhBGYGWvRE.js
File name: LhBGYGWvRE.js
Size: 39.51 KB (39515 bytes)
MD5: 417966e39f3611d46c46b04e956a3ac0
Detection count: 21
File type: JavaScript file
Mime Type: unknown/js
Path: C:\Users\<username>\AppData\Roaming
Group: Malware file
Last Updated: June 26, 2019

Registry Modifications

The following Registry values are newly created:

Regexp file mask: %APPDATA%\kl-plugin.exe
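
The indicators listed above can be checked against a user's Roaming folder with a short script. This is an added example, not code from SpywareRemove.com; the function names and the "review-js" heuristic for other loose scripts are assumptions made for illustration.

```python
import hashlib
import os
import re
from pathlib import Path

# Indicators copied from this page's "Technical Details" section.
KNOWN_MD5 = {
    "0734d82c472d619bb304954fe29b569c",
    "417966e39f3611d46c46b04e956a3ac0",
}
# The page's file mask %APPDATA%\kl-plugin.exe, matched on the file name.
NAME_MASK = re.compile(r"^kl-plugin\.exe$", re.IGNORECASE)


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(roaming, known_md5=KNOWN_MD5):
    """Return sorted (reason, file name) findings for one Roaming folder."""
    # Only the top level is checked: that is where the page lists the files.
    findings = []
    for entry in Path(roaming).iterdir():
        if not entry.is_file():
            continue
        if NAME_MASK.match(entry.name):
            findings.append(("name-mask", entry.name))
        if entry.suffix.lower() == ".js":
            try:
                if md5_of(entry) in known_md5:
                    findings.append(("md5-match", entry.name))
                else:
                    # Assumption: a loose script here deserves manual review.
                    findings.append(("review-js", entry.name))
            except OSError:
                findings.append(("unreadable", entry.name))
    return sorted(findings)


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")
    if appdata and Path(appdata).is_dir():
        for reason, name in sweep(appdata):
            print(f"{reason}\t{name}")
```

An MD5 hit identifies only the two exact samples listed here; because the page notes that these Trojans update themselves, an empty result does not show the PC is clean.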