Gamarue Malware Downloads Malicious Files from SourceForge

05:17 21 February in Latest Threats
Gamarue infection chain

Gamarue infection chain

Progressively malware developers are moving to legitimate hosting services to store malicious components. As per experts, a variant of the Gamarue malware is intended to download additional components from the popular code storehouse SourceForge.

Four files have been recognized in the initial phase of the attack analyzed by Trend Micro: a shortcut file that appears to point to an external drive, a .com file, a desktop.ini file, and the main Gamarue file disguised as thumbs.db.

The shortcut file points to the .com file, which runs another executable disguised as desktop.ini. This desktop.ini file drops the main Gamarue file, detected by Trend Micro as “WORM_GAMARUE.LJG.”

When the main file is decrypted, it modifies itself and starts downloading further malicious components from a SourceForge project called “tradingfiles.”

The same user has created two additional SourceForge projects that host malicious Gamarue files: “stanteam” and “ldjfdkladf.” Experts say that new files have been uploaded to these projects opening with June 1.

Once it attacks a PC, Gamarue allows cybercriminals to take over the device and steal data from it. The malware can also be utilized to launch attacks on other systems from an infected machine.

The threat spreads via removable drives and the disreputable BlackHole exploit kit.

Chat With Our System Analyst To Remove All Kinds Of Threats And Get Online Technical Support.

No Comments

Post A Comment

Get instant support anytime, anywhere. Our technical experts are online 24/7.