LACyber is a Division of Lincoln Archives Inc.

Malware Awareness from LACyber: Part 1

(Uploaded: 2018-11-12 12:18:00 -- Author: Sally Rozumalski)

Malware Awareness: Part 1

Malware: any software which can cause harm to your computer. There are many different types of malware, and each is slightly different from the next. Computer viruses, Trojans, worms, adware and spyware are all considered to be malware and can cause significant damage to your system, from extracting personal information to stealing money or even locking you out of your device. At LACyber we take your security very seriously!

In this two-part blog series, we will break down the top 10 malware from October 2018 as listed by the Center for Internet Security. By understanding who the malware targets, how it spreads and what you can do to ensure your data is secure and protected, you will be proactive in protecting your data.

In part one of this series, we will break down malware numbers 10 through 6:

10: Xtrat

What is Xtrat?

XTRAT is a Remote Access Trojan that can steal information. It may run in the background and silently collect information about the system, connected users and network activity. It can even allow the hacker to install additional software.

How is it spread?

It is typically spread by a download from the Internet and/or dropped by other malware. It can be packaged with free online software, or it could be disguised as a harmless program and distributed by email.

Who does it target?

This RAT has been used in attacks targeting Israeli and Syrian governments. It has also been seen more recently in North America, targeting individual entities.

9: WannaCry

What is WannaCry?

The WannaCry ransomware consists of multiple components.

It arrives on the infected computer in the form of a dropper that extracts the other application components embedded within itself.

Who does WannaCry Target?

The WannaCry attacks have affected computers and business operations in more than 74 countries, making it one of the biggest malware attacks to date.

It has affected big-name corporations and governments worldwide, from the United States to Great Britain and Russia.

Method of Infection?

After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them.

Why is WannaCry so destructive?

It is believed that the NSA discovered the underlying vulnerability and, rather than reporting it, developed code to exploit it, called EternalBlue.

This was then stolen by a hacking group known as the Shadow Brokers, who released it.

Many systems remained vulnerable, and WannaCry, which used EternalBlue to infect computers, began spreading rapidly.

8: Trickbot

What is Trickbot?

Trickbot is a more recent mobile banking trojan used to steal financial records.

Main methods of infection:

Phishing campaigns, which trick users into entering their credentials on fraudulent banking websites designed to appear legitimate.

Trickbot can also steal from Bitcoin wallets.

Who does Trickbot Target?

Trickbot targets bank customers as well as high-profile Bitcoin users.

7: CoinMiner

What is CoinMiner?

CoinMiner is malware developed to take over a computer and use it for cryptocurrency mining without the user's permission.

Method of infection?

CoinMiner has three methods of infecting a system, depending on Bitcoin usage:

  1. If the malware locates a Bitcoin folder: the program searches out files, encrypts them, changes their extension and sends a ransom note demanding payment within three days.
  2. If the machine does not possess a Bitcoin folder: it deploys the miner, which is disguised and has the ability to mine cryptocurrencies.
  3. If the machine fits neither of these criteria: it activates a worm designed to spread the malware through the local network so it can infect computers that do.

Who does CoinMiner Target?

Ideally, high-usage Bitcoin individuals or entities. However, even without this, a system can still be infected across the network via the worm.

6: Gh0st

What is Gh0st?

Gh0st is a trojan Remote Access Tool used on Windows platforms, and it has been used to hack into some of the most sensitive computer networks on Earth.

Method of Infection?

The scenario for attacks using Gh0st follows a very typical targeted malware lifecycle:

  1. Spear phishing email with a link to a malicious URL
  2. User clicks the link
  3. Dropper is downloaded, which then downloads Gh0st
  4. C2 beaconing / Gh0st protocol initiated

*From here the attacker can gain total control of the system in some cases.

Who does Gh0st target?

This particular malware originated in China around the year 2000.

It often poses as an official organization, most typically a government, to make itself seem legitimate.

It is known for targeting government agencies as well as various Tibetan institutions.


So, what can YOU do to protect yourself?


  1. Enable your internet pop-up blocker: Pop-ups and ads are the most widely used tactic by cybercriminals to spread malicious programs. Avoid clicking on uncertain sites, software offers and pop-ups in general.

  2. Keep your system updated: To avoid infections, you should always keep your system updated through automatic Windows updates.

  3. Enforce cyber-security precautions with a third party: Take the time to enforce precautions with a third-party contractor to mitigate the risk of a breach. At LACyber we offer a comprehensive approach to securing your information, from precaution to maintenance and even reactive practices if necessary!

  4. Regular backups: Regular and periodic backups are crucial to keeping your data safe in case the system is infected by any kind of virus, malware or other infection.

  5. Always have an anti-virus: Precaution is always better than reaction.


Keep an eye out for the next part of this series to find out how you can protect yourself from the top 5 malware of October 2018.

LACyber is a division of Lincoln Archives providing comprehensive Data Breach Defense Services. Lincoln Archives and LACyber are proud to be a part of Lincoln Family of Companies serving the Western New York Community since 1914.
