
Asruex

Posted: August 23, 2019

Asruex is a Trojan that can collect information or files from your PC, provide a backdoor for ongoing surveillance and attacks, and download other threats. Its campaigns are associated with both victimizing members of the hospitality industry and exploiting document-related vulnerabilities. Users should install the patches that close these security loopholes and use anti-malware products to remove Asruex safely.

Inviting the Wrong Program into Your Hotel

A classic Trojan utility of the DarkHotel threat actor is making the rounds again, after years of previous activity. What makes this new release of Asruex unusual is, ironically, the old age of some of its infection tactics. By exploiting long-known vulnerabilities in document reader software, it may slip past security solutions that concentrate on monitoring more current infection vectors.

The Asruex Trojan is a general-purpose threat with self-updating and modular features. It passes system information to the attacker and is capable of downloading other Trojans or copying files from the system to a C&C server. Malware experts rate infections as high-priority threats that can provide long-term surveillance of the PC and any devices reachable from it.

Although Asruex is nearly half a decade old, its latest attacks took place in 2019 and follow an 'everything old is new again' philosophy. The Trojan droppers for Asruex consist of corrupted Word and PDF documents that exploit remote code execution and buffer overflow vulnerabilities in those programs (CVE-2012-0158 and CVE-2010-2883, for example). Most of these vulnerabilities are patchable if users install the correct updates. The installation routine also displays the intended document, which offers a distracting cover while Asruex establishes its system persistence.

Declining a Room for a Curious Trojan

Asruex's standard operating procedure for this year differs from its older campaigns, which involved components such as advanced HTML or HTA files and initial compromises of Wi-Fi networks. Asruex is also an early example of weaponized steganography, that is, concealing malicious code inside image files. Finally, like many backdoor-capable threats, Asruex checks for sandbox and virtual environments.

Taken together, these features make Asruex a Trojan that emphasizes innovative and sometimes rarely used means of evading security software's detection rulesets. It is not the only danger to PC owners that uses outdated vulnerabilities, however; many Exploit Kits (EKs) follow a similar approach of breaking into systems through unpatched software. This opportunistic means of compromise makes patching applications and maintaining proper version control irreplaceable defenses for any business.

Users can depend on appropriate, updated anti-malware services to identify and remove Trojan droppers related to this threat, as well as to uninstall Asruex itself. Victims should note that untreated infections may lead to further attacks.

It doesn't matter how old a vulnerability is if the target doesn't take steps to correct it. Like a leaky pipe, it lets a contaminant like Asruex flow through just as readily as one that appeared today.
