
ZXShell

Posted: October 31, 2014

ZXShell, also known as Sensode, is a backdoor Trojan first seen in wide use in 2012. Because of its use in targeted Axiom campaigns against governments, corporate entities and NGOs, ZXShell is considered primarily a tool of cyber espionage. However, ZXShell also has general-purpose features for modifying system settings and giving third parties broad access to the infected PC. Because its attacks produce no visible symptoms, the only sign of a ZXShell infection is usually an automatic warning from an anti-malware product, after which you should take whatever steps are needed to delete ZXShell.

Prying Open a ZXShell Trojan

Simple variants of ZXShell Trojans have existed since as long ago as 2004, but its modern uses typically are associated with recent threats, such as the hacker organization Axiom. Like many Trojans with backdoor features, ZXShell is sold to third parties for its invasive but easy-to-use attack set, which may be put to use in different threat campaigns. Individual distribution methods are, accordingly, unpredictable. However, malware researchers found consistency in ZXShell's attack functions, which showed minimal variation between versions.

ZXShell's most important attacks may include:

  • A shell application may provide third parties with command-line access to the infected PC, which may let remote attackers modify your files or system settings.
  • ZXShell may have built-in keylogging functions for recording any information typed via the keyboard.
  • A remote desktop function may let ZXShell's distributors hijack your keyboard or mouse input.

PCs connected to a compromised machine over a local network also are at risk of ZXShell attacks, since ZXShell includes side functions built specifically for spreading to such machines. ZXShell also has Windows account features that could allow it to delete users, lock them out or create brand-new users. ZXShell also may harvest your basic system information, enabling other attacks that take advantage of that data.

Throwing Back the Trojan Catch of the Day

ZXShell's age, coupled with its persistence into the modern era, shows how a RAT may retain relevance with simple but efficient attack features. ZXShell also may be supported by other, more modern threats, and malware researchers have seen some incidents where ZXShell is installed via Roarur, Derusbi and other Axiom-affiliated Trojans. Updating your anti-malware security to catch the latest variants of ZXShell may be highly useful, given Axiom's known predilection for releasing spinoffs of old threat tools.

Belying the years accrued on its core code, ZXShell is a high-level threat that gives third parties unrestrained access to your files and OS settings. Trying to uninstall ZXShell with anything other than proper anti-malware software is a risky procedure, made even riskier by the potential presence of other Trojans. For PC users who may be targets of ZXShell campaigns, malware researchers also recommend watching for likely attacks through e-mail spam or niche websites, both of which are common delivery themes for Axiom-used threats.
