StealthWorker
StealthWorker is a brute-forcer Trojan that compromises login credentials by guessing their usernames and passwords. Although the Trojan's attacks target third-party websites, the host PC is part of a botnet and may abet other crimes. PC users suspecting infection should have anti-malware products delete StealthWorker, if necessary, and address all possible infection methods, such as outdated software or weak passwords.
A Brute-Forcing Tool in Its Unnatural Habitat
Although PC owners worry about Trojans, viruses, and other threats for how those programs can harm their PCs or digital belongings, the criminal lifestyle incentivizes infecting PCs for outward-facing attacks equally. Robot networks of compromised PCs, or botnets, are helpful for Distributed-Denial-of-Service crimes especially and, as the activities of StealthWorker show, financial credential theft. Recent details are illuminating many, but not necessarily all of this password-breaking Trojan's campaign.
StealthWorker is a Windows-based, brute-force utility that 'guesses' logins, not for the PC's accounts, but those of various financial domains. Currently, the criminals are using this capability for gaining access to the sites and implanting skimmer scripts, which upload customer financial information to a fake Google domain under the threat actors' control. Sites using cPanel, phpMyAdmin, or Magento are at risk – including prominent platforms like WordPress.
Some further confirmation from malware researchers finds no dedicated features in StealthWorker's payload meant for compromising the PC that's playing the part of the host in its botnet. However, it's installing itself with the help of a Trojan downloader, Wallyshack, that could drop other threats besides this brute-forcing utility. This second Trojan uses compression and hijacks memory processes by replacing their information with a corrupted code, and transfers basic system statistics over to the threat actor, as well.
Putting Bad Work to a Proper End
Security issues worth remedying against StealthWorker's campaign take place at three points: the Windows systems hosting its bots, the exposed customers using the compromised commerce websites, and, of course, the website administrators. Regarding the latter, updating your server's architecture and installing all security patches will reduce many chances of compromise by remote attackers. So will using passwords with strong strings (long, mixed cases, a combination of alphabet and numerical and other symbols, etc.).
Customers can protect themselves by using anti-malware services that include unsafe domain-detecting features for intercepting activity that's transferring your information to unsafe destinations, such as the fake Google domain of the StealthWorker campaign. Windows users can block the precipitating Wallyshack attacks by avoiding infection vectors like e-mail attachments, illegal torrents, and corrupted websites abusing JavaScript or Flash vulnerabilities. Most anti-malware products should block that Trojan downloader but also may uninstall StealthWorker if the threat has a foothold on your computer already.
StealthWorker is a small block in a multi-program and exploit-based construction for collecting the customers' credit card numbers and other credentials. However, as with most threats with a complex support substructure, there are many things that most PC users can do for thwarting it at different stages.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.