APT.9002
APT.9002 (with 'APT' as an abbreviation of 'Advanced, Persistent Threat') is a backdoor Trojan sometimes used in sophisticated campaigns targeting business and government entities throughout the world. APT.9002 may be installed by the same browser-based 'watering hole' attacks in use with Fexel backdoor Trojans and the Hikit rootkit. APT.9002 may grant third parties backdoor access to your computer. APT.9002 also may disrupt security features or install other threats. As a high-level threat, APT.9002 should be removed by dedicated anti-malware products that should have updated databases for identifying its latest variants.
Leading a Web Browser to (Trojan-Infested) Waters
APT.9002 is one of the many backdoor Trojans used by the Chinese hackers known as Axiom for compromising a wide range of government and industrial targets. Geographical regions favored for these attacks include the United States, Southeast Asia and Western Europe. Operation Ephemeral Hydra and the Sunshop Campaign are two examples of APT.9002-associated attacks meant to target the traffic of specialized Web domains. Visitors using a vulnerable Web browser, such as Internet Explorer, were subjected to exploits that eventually installed APT.9002.
APT.9002, also known as McRAT, Hydraq, Naid, Roarur and Mdmbot, has been identified in multiple variants over the past several years. No matter what variant is in play, APT.9002 may include backdoor functions meant to assist in the following attacks:
- APT.9002 may download and then install other threats, such as rootkits.
- APT.9002 may collect passwords, account login names and general system information, as well as other data.
- APT.9002 may make changes to the Registry that disable essential security features.
Some variants of APT.9002 Trojans also may hijack Internet Explorer's homepage, or use 'diskless' bodies that inject into the memory of other programs without writing any individual files to your hard drive.
Preventing an APT from Persisting on Your PC
Although compromised websites may be sources for the general distribution of threats to the public at large, APT.9002 and other Axiom-based threats never use indiscriminate distribution models. Energy sectors, non-profit organizations and diverse government branches are the usual targets of APT.9002 campaigns, which select websites to hack based on relevant Web traffic. Updating your anti-malware software is critical for identifying or deleting APT.9002, which has no symptoms and may install in a broad range of sophisticated variants, all of which use different methods to conceal their identities.
Besides giving PC users more than one reason to avoid using Internet Explorer, APT.9002 also showcases the importance of updating even your non-security programs routinely. Updated programs are at significantly reduced risk of being subjected to the vulnerabilities that could install threats like APT.9002. However, not all of these attacks may be prevented with simple patches, and malware experts have noted that Axiom, in particular, has a history rich in the use of zero-day, unpatched vulnerabilities.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.