
BLYPT

Posted: September 24, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 54
First Seen: September 24, 2013
Last Seen: April 25, 2023
OS(es) Affected: Windows

BLYPT is a recently identified family of backdoor Trojans that concentrates on compromising PC users in the United States. The family takes its name from its heavy use of binary objects (blobs) stored in the Windows Registry, and Java-based drive-by-download exploits served from compromised websites are believed to be the primary infection vector for individual BLYPT variants. Although the goal of the BLYPT campaign is currently unknown, BLYPT Trojans open a backdoor of the kind commonly used to install additional threats, disable security features or steal private information from infected PCs. As is usual for this type of malicious software, removing BLYPT Trojans efficiently requires anti-malware tools capable of detecting and deleting concealed high-level PC threats.

BLYPT: Barely a Blip on Your Radar Even as a Huge Blob in Your Registry

Backdoor Trojans are among the most broadly applicable types of Trojans, since they compromise private-industry, government and personal computers equally well and often work hand in hand with more specialized threats. Malware researchers were therefore not surprised to see BLYPT join the backdoor genre, noting that it is distributed heavily throughout the US even though its C&C (command-and-control) servers are mostly located in China. While some of the most notorious backdoor Trojans have targeted government agencies, government contractors and private businesses, BLYPT appears to target casual computer users. Based on previous campaigns similar to BLYPT's, Bitcoin mining and search hijacking may be its eventual payloads.

Malware experts consider several technical features of this family (with at least two variants confirmed so far) worth noting: the storage of components as blob data in the Registry, the encryption of those components to hinder security programs, separate builds for 32-bit and 64-bit Windows, and the use of Java exploits for distribution. None of these quirks changes BLYPT's core function, which is to let criminals control your PC by issuing commands through the backdoor and, when necessary, updating BLYPT's components for new attacks. A BLYPT infection produces no visible symptoms, and many of its files are disguised as PNGs or other harmless-looking file formats.
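Two of the quirks above, files that carry a PNG name but are not images and encrypted components parked as binary blobs in the Registry, are things a responder can check for directly. The script below is an added example written for this page; it is not code from SpywareRemove.com and was not derived from BLYPT samples. It validates a file's PNG header properly (signature, IHDR chunk and its CRC, so a payload that merely prepends the eight signature bytes is still caught) and triages Registry values of type REG_BINARY by size and byte entropy. The REG_BINARY type code 3 matches Python's winreg module; the size and entropy thresholds, the key path and all sample inputs are constructed assumptions for the demonstration, not observed BLYPT indicators.

```python
import math
import os
import random
import struct
import zlib
from collections import Counter

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
REG_BINARY = 3                      # winreg.REG_BINARY type code
MIN_PNG_LEN = 8 + 4 + 4 + 13 + 4    # signature + IHDR length, type, data, CRC


def looks_like_png(data: bytes) -> bool:
    """True only if data starts with the PNG signature and a well-formed IHDR
    chunk whose CRC verifies. A payload that merely prepends the 8 signature
    bytes fails the chunk-type and CRC checks."""
    if len(data) < MIN_PNG_LEN or data[:8] != PNG_SIGNATURE:
        return False
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        return False
    stored_crc = struct.unpack(">I", data[29:33])[0]
    if zlib.crc32(data[12:29]) & 0xFFFFFFFF != stored_crc:  # CRC covers type + data
        return False
    width, height = struct.unpack(">II", data[16:24])
    return width > 0 and height > 0


def classify_header(data: bytes) -> str:
    """Label the leading bytes of a file that claims, by its name, to be a PNG."""
    if looks_like_png(data):
        return "png"
    if data[:2] == b"MZ":
        return "pe-executable"          # Windows PE carrying a .png name
    if data[:8] == PNG_SIGNATURE:
        return "png-signature-only"     # signature present, no valid IHDR chunk
    return "unknown"


def scan_png_names(directory: str):
    """Walk a directory and report every *.png whose header is not a real PNG."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            if name.lower().endswith(".png"):
                path = os.path.join(root, name)
                with open(path, "rb") as fh:
                    label = classify_header(fh.read(64))
                if label != "png":
                    findings.append((path, label))
    return findings


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def suspicious_registry_blobs(values, min_size=4096, min_entropy=7.5):
    """Triage (key_path, value_name, reg_type, data) tuples (the fields that
    winreg.EnumValue returns, plus the key they came from) and flag REG_BINARY
    values that are both large and near-random: the profile of an encrypted
    component stored in the Registry. Thresholds are assumptions; tune per host."""
    flagged = []
    for key_path, name, reg_type, data in values:
        if reg_type != REG_BINARY or len(data) < min_size:
            continue
        ent = shannon_entropy(data)
        if ent >= min_entropy:
            flagged.append((key_path, name, len(data), round(ent, 2)))
    return flagged


# --- constructed sample inputs (not captured from BLYPT) ---------------------
def _minimal_png(width=1, height=1) -> bytes:
    """Signature plus a valid IHDR chunk: enough for the header check to pass."""
    chunk = b"IHDR" + struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return (PNG_SIGNATURE + struct.pack(">I", 13) + chunk
            + struct.pack(">I", zlib.crc32(chunk) & 0xFFFFFFFF))

SAMPLE_REAL_PNG = _minimal_png()
SAMPLE_PE_AS_PNG = b"MZ\x90\x00" + b"\x00" * 60     # PE stub given a .png name
SAMPLE_SIG_ONLY = PNG_SIGNATURE + b"\x00" * 32       # signature, then junk

_rng = random.Random(2013)
_HYPOTHETICAL_KEY = r"HKCU\Software\ExampleVendor\Settings"   # made-up key path
SAMPLE_REGISTRY_VALUES = [
    (_HYPOTHETICAL_KEY, "Blob", REG_BINARY, bytes(_rng.getrandbits(8) for _ in range(8192))),
    (_HYPOTHETICAL_KEY, "Zeroes", REG_BINARY, b"\x00" * 8192),   # large but not random
    (_HYPOTHETICAL_KEY, "Small", REG_BINARY, bytes(_rng.getrandbits(8) for _ in range(64))),
    (_HYPOTHETICAL_KEY, "Name", 1, b"h\x00i\x00"),               # REG_SZ, ignored
]

if __name__ == "__main__":
    for label, sample in (("real", SAMPLE_REAL_PNG), ("pe", SAMPLE_PE_AS_PNG),
                          ("sig-only", SAMPLE_SIG_ONLY)):
        print(label, "->", classify_header(sample))
    print(suspicious_registry_blobs(SAMPLE_REGISTRY_VALUES))
```

On a live Windows host, `scan_png_names` can be pointed at the user's profile or temp directories, and `suspicious_registry_blobs` fed from a `winreg` walk of HKCU and HKLM. Keep in mind that genuine PNG image data is itself compressed and that some legitimate software does store large binary settings, so the entropy heuristic is a triage filter for a human to review, not a verdict on its own.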

Playing Window Washer to the BLYPT Saturating Your Registry

BLYPT does its best to hide its files and activities from casual observation, but this low profile should not be mistaken for harmlessness. Despite setting its sights on lower-value targets than is usual for a backdoor Trojan, BLYPT maintains a backdoor connection equivalent to letting a stranger sit at your keyboard whenever he wants, and any possible BLYPT infection should be treated as a major security and privacy violation.

When dealing with high-level PC threats of this kind, SpywareRemove.com malware researchers usually find it best to use anti-malware software to delete them efficiently. In BLYPT's case, keeping your security software updated is especially important: the family has received updates over recent months and is most likely still in active development.

Of course, preventing a BLYPT infection in the first place is just as commendable: disable Java in the browser (or remove it if it is not needed), keep all relevant software updated and use every other applicable means to protect your browser from BLYPT's drive-by-download attacks.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created on the system:

File name: logo32.png
Mime Type: unknown/png
Group: Malware file

File name: ogo64.png
Mime Type: unknown/png
Group: Malware file

Additional Information

The following URLs were detected:
buffstream.stream