
ANEL

Posted: June 27, 2019

ANEL is a backdoor Trojan used for cyber-espionage by the APT10 threat actor, a group attributed to China's Ministry of State Security. ANEL specializes in delivering credential-stealing tools such as password grabbers, but its backdoor functionality could support other attacks as well. Appropriate use of anti-malware tools can remove ANEL infections or block them at their traditional infection vector, malicious e-mail attachments.

State Warfare Using Iterative Software Development

Advanced Trojans involved in state-sponsored cyber-warfare don't appear spontaneously, and the path they trace from their first versions to the present-day ones leaves clues the security industry can use. ANEL is another backdoor Trojan from APT10 (also known as Stone Panda or HOGFISH), and its presence indicates that the target PC is of interest to China's Ministry of State Security. Depending on which version the victim receives, however, the Trojan can differ considerably, including in something as fundamental as its file structure.

ANEL occupies a niche similar to ChChes, RedLeaves, and other backdoor-capable Trojans from these Chinese hackers. It is typically a second-stage payload, dropped after a first stage such as Koadic, which harvests system data so the attackers can decide whether to proceed with more invasive Trojans like ANEL. There are many versions of ANEL, which can download updates of itself; versions may switch between DLL and EXE file formats, connect to different Command & Control servers, and expose different export functions.

ANEL's follow-on payloads are more consistent than its internal structure, and they emphasize spyware tools. Malware experts highlight the presence of password- and credential-collecting spyware, which ANEL launches through DLL side-loading: a legitimate Accessible Event Watcher executable is placed beside a malicious DLL, which the executable loads in place of the library it expects. This tactic is a favorite of APT10, and the group also uses it in attacks with the backdoor Trojan PlugX.
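The side-loading pattern above leaves a recognizable trace in image-load telemetry: a signed host executable running from a user-writable directory loads an unsigned DLL from that same directory. The following is an added detection example, not code from the original page or from any published APT10 report. It runs a simple heuristic over constructed Sysmon Event ID 7 (ImageLoad) records flattened to key=value lines; the field names (Image, ImageLoaded, Signed, Signature, SignatureStatus) are Sysmon's, while the paths, the host executable name evwatch.exe and the DLL names are placeholders invented for the sample, not indicators from a real ANEL case.

```python
import ntpath

# Directories where a DLL sitting beside its host executable is expected.
# A side-loading drop normally lands somewhere user-writable instead.
# (Assumption: a default system drive layout; adjust for your environment.)
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed Sysmon Event ID 7 records, flattened to 'key=value|key=value'.
# Illustrative samples only; evwatch.exe is a placeholder name, not a real IOC.
SAMPLE_EVENTS = [
    # Unsigned DLL loaded from the host executable's own Temp directory: the side-loading pattern.
    "EventID=7|Image=C:\\Users\\alice\\AppData\\Local\\Temp\\tools\\evwatch.exe"
    "|ImageLoaded=C:\\Users\\alice\\AppData\\Local\\Temp\\tools\\version.dll"
    "|Signed=false|Signature=|SignatureStatus=Unavailable",
    # Same host loading a genuine system DLL from System32: benign.
    "EventID=7|Image=C:\\Users\\alice\\AppData\\Local\\Temp\\tools\\evwatch.exe"
    "|ImageLoaded=C:\\Windows\\System32\\kernel32.dll"
    "|Signed=true|Signature=Microsoft Windows|SignatureStatus=Valid",
    # Vendor app loading its own helper DLL from Program Files: benign.
    "EventID=7|Image=C:\\Program Files\\Vendor\\app.exe"
    "|ImageLoaded=C:\\Program Files\\Vendor\\helper.dll"
    "|Signed=true|Signature=Vendor Inc|SignatureStatus=Valid",
    # Core Windows process loading a core DLL: benign.
    "EventID=7|Image=C:\\Windows\\System32\\svchost.exe"
    "|ImageLoaded=C:\\Windows\\System32\\rpcrt4.dll"
    "|Signed=true|Signature=Microsoft Windows|SignatureStatus=Valid",
    # Downloaded program loading a validly signed DLL beside it: not flagged by this heuristic.
    "EventID=7|Image=C:\\Users\\alice\\Downloads\\viewer.exe"
    "|ImageLoaded=C:\\Users\\alice\\Downloads\\viewer.dll"
    "|Signed=true|Signature=Example Corp|SignatureStatus=Valid",
]


def parse_event(line):
    """Split one flattened 'key=value|key=value' record into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def in_trusted_dir(path):
    """True when the path lives under a directory where side-by-side DLLs are normal."""
    return ntpath.normcase(path).startswith(TRUSTED_PREFIXES)


def is_sideload_candidate(ev):
    """Flag an ImageLoad event that matches the side-loading pattern:
    host executable outside the trusted directories loads a DLL from its
    own directory, and that DLL is unsigned or its signature is not valid."""
    if ev.get("EventID") != "7":
        return False
    host = ev.get("Image", "")
    dll = ev.get("ImageLoaded", "")
    if not host or not dll:
        return False
    same_dir = (ntpath.normcase(ntpath.dirname(host))
                == ntpath.normcase(ntpath.dirname(dll)))
    if not same_dir or in_trusted_dir(host):
        return False
    unsigned = ev.get("Signed", "").lower() != "true"
    bad_signature = ev.get("SignatureStatus", "") != "Valid"
    return unsigned or bad_signature


def find_sideload_candidates(lines):
    """Return (host executable, loaded DLL) pairs that match the heuristic."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_sideload_candidate(ev):
            hits.append((ev["Image"], ev["ImageLoaded"]))
    return hits


if __name__ == "__main__":
    for host, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"possible DLL side-loading: {host} loaded {dll}")
```

The heuristic deliberately keys on the loaded DLL's signature state rather than on a list of known abused DLL names, so it generalizes to any legitimate executable an attacker chooses to ship; the cost is that a side-loaded DLL carrying a valid (for example stolen) signature, like the last sample, is not caught and would need a separate rule.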

Trojan Mail that You can Throw in the Trash

APT10 depends on phishing for its first phase of access to a vulnerable PC. Specifically, its attacks use well-crafted e-mail content, with language and subject matter appropriate for the target, such as a Japanese media company or government branch. Workers should watch their e-mail accounts for unexpected documents and be cautious about any attachment that displays security warnings, asks to enable content, or requests external files.

ANEL is a crucial part of this threat actor's espionage toolkit but is never the only threat on the compromised machine. Users should disconnect the system from the network to cut off C&C activity and the exfiltration of confidential information, and isolate it from the rest of the local network. Anti-malware utilities with up-to-date databases should remove ANEL, Koadic, and related threats when scanning the computer, and should also detect the exploits embedded in the malicious documents.

ANEL is primarily a delivery vehicle for monitoring software like the password-grabbing Getpass, but it is more than enough of a danger on its own. Organizations holding anything the Chinese government might want should prioritize phishing-awareness training if they want to avoid infections.
