
BUBBLEWRAP Trojan

Posted: April 12, 2019

The BUBBLEWRAP Trojan is a backdoor Trojan that gives threat actors control over an infected PC and supports more specific attacks through add-on components. Campaigns involving this Trojan have targeted media companies in Hong Kong and rely on malicious e-mail attachments for the initial compromise. Users can catch this threat at the installation phase by scanning all downloads, e-mail attachments included, or remove the BUBBLEWRAP Trojan as soon as possible afterward with a full system scan by their anti-malware product.

All Wrapped Up with a Backdoor Trojan on Top

The 'admin@338' threat actor group remains active after a series of campaigns against targets that mostly consisted of economic and financial organizations. While this group is known for using publicly available hacking tools, it also develops custom resources for deployment, such as the BUBBLEWRAP Trojan. This threat is a second-stage payload: it infects PCs only after another Trojan has already compromised them.

The BUBBLEWRAP Trojan infections, in contrast to past activity from the same source, are hitting Hong Kong media organizations and give remote attackers a flexible degree of long-term access into their networks. The infection strategy involves, as is so often the case, e-mail messages with spoofed sender identities and tailored content. Recipients open a malicious attachment that drops the LOWBALL Trojan, which delivers the BUBBLEWRAP Trojan once the attackers have assessed whether the compromised host is worth further attention.

The BUBBLEWRAP Trojan runs automatically at startup and collects system data, such as the OS version and the network hostname, for delivery to its Command & Control (C&C) server; this information helps the threat actors choose suitable payloads for later stages of the operation. Its C&C communications are conventional but reasonably flexible: the backdoor can talk over HTTP or HTTPS and can route its traffic through a SOCKS proxy, which lets it operate inside networks where direct outbound connections are blocked. It also is modular and can download additional components that carry out further attacks against the compromised system.

Popping the Plans of the BUBBLEWRAP Trojan

The BUBBLEWRAP Trojan's attacks are, by nature, tied to the presence of affiliated threats that either enable it in the first place or expand its scope. Users can protect themselves from the known infection method by always scanning downloads from unexpected sources, e-mail attachments included, for malicious macros and other exploit content before opening them. Even so, other installation methods are far from impossible, and malware experts especially recommend that network administrators review their login credentials and software versions for weaknesses that they can correct.
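The attachment check recommended above can be automated at the mail gateway or on a download directory. The following Python example is added here and is not code from the original write-up or from any vendor tool; it inspects an Office Open XML attachment (the zip-based .docx/.docm/.xlsm family) for an embedded VBA project, which is what macro-bearing documents carry regardless of the file extension they were given, and it recognizes legacy OLE2 documents (.doc/.xls) as needing a separate parser rather than silently passing them. The sample containers it builds are constructed placeholders, not real documents.

```python
import io
import zipfile

# Office Open XML stores VBA code in a part named vbaProject.bin under the
# word/, xl/ or ppt/ folder. A .docm renamed to .docx still carries it, so the
# check is on container content, never on the extension.
VBA_PART_SUFFIX = "vbaproject.bin"
# Magic bytes of the legacy OLE2 compound file format (.doc, .xls, .ppt).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"


def classify_attachment(data: bytes) -> dict:
    """Report the container type of an attachment and whether it embeds VBA.

    Only OOXML (zip) containers are inspected for macros. Legacy OLE2 files are
    reported as 'ole2' so a policy can quarantine them or hand them to a
    dedicated OLE parser; this function does not claim they are macro-free.
    """
    result = {"container": "unknown", "has_vba": False, "vba_parts": []}
    if data.startswith(OLE2_MAGIC):
        result["container"] = "ole2"
        return result
    if not data.startswith(ZIP_MAGIC):
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return result
    result["container"] = "ooxml"
    result["vba_parts"] = [n for n in names if n.lower().endswith(VBA_PART_SUFFIX)]
    result["has_vba"] = bool(result["vba_parts"])
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-like container for testing (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"\x01\x02 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("macro", build_sample(True))):
        print(label, classify_attachment(blob))
```

A gateway policy built on this would block or sandbox anything with `has_vba` set, route `ole2` files to a parser that understands the legacy format, and treat `unknown` as a reason to look closer rather than as a pass.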

Since the BUBBLEWRAP Trojan gives remote attackers an invasive degree of control over the system, disabling network connectivity should be one of the first steps any victim takes to contain it. Network-based security controls may not detect the related C&C activity: this threat actor group often hides its communications in public cloud services that most companies allow by default, so destination reputation alone is a weak signal. Anti-malware tools can, however, delete the BUBBLEWRAP Trojan's local installation and related Trojans, such as the LOWBALL Trojan.
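When the C&C endpoint sits on an allowlisted cloud service, what remains detectable is the timing of the traffic rather than its destination. The following Python example is added here and is not code from the original write-up or from any product; it runs a beaconing heuristic over proxy log lines, flagging client/host pairs whose requests arrive at near-fixed intervals, which is what a polling backdoor produces and interactive browsing does not. The log lines, the client addresses, the host name and the thresholds are all constructed assumptions for illustration, not indicators from the campaign.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed proxy log lines (not captured traffic). 10.0.0.12 polls a cloud
# file-sharing endpoint every ~60 s with a few seconds of jitter; 10.0.0.33
# browses the same allowlisted provider at irregular human intervals.
# Line format: time client method url status.
SAMPLE_LOG = """\
2019-04-10T08:00:00Z 10.0.0.12 GET https://files.cloud-example.test/api/poll 200
2019-04-10T08:00:10Z 10.0.0.33 GET https://files.cloud-example.test/home 200
2019-04-10T08:00:14Z 10.0.0.33 GET https://files.cloud-example.test/shared/q3.pdf 200
2019-04-10T08:01:01Z 10.0.0.12 GET https://files.cloud-example.test/api/poll 200
2019-04-10T08:01:59Z 10.0.0.12 GET https://files.cloud-example.test/api/poll 200
2019-04-10T08:03:02Z 10.0.0.12 GET https://files.cloud-example.test/api/poll 200
2019-04-10T08:04:00Z 10.0.0.12 GET https://files.cloud-example.test/api/poll 200
2019-04-10T08:04:58Z 10.0.0.12 GET https://files.cloud-example.test/api/poll 200
2019-04-10T08:06:01Z 10.0.0.12 GET https://files.cloud-example.test/api/poll 200
2019-04-10T08:07:00Z 10.0.0.12 GET https://files.cloud-example.test/api/poll 200
2019-04-10T08:07:40Z 10.0.0.33 GET https://files.cloud-example.test/home 200
2019-04-10T08:22:05Z 10.0.0.33 GET https://files.cloud-example.test/shared/notes.docx 200
2019-04-10T08:23:30Z 10.0.0.33 POST https://files.cloud-example.test/upload 200
"""


def parse_line(line):
    """Split one constructed proxy log line into (timestamp, client, host)."""
    ts, client, _method, url, _status = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, client, urlsplit(url).hostname


def find_beacons(log_text, min_events=5, max_cv=0.2):
    """Flag (client, host) pairs whose request spacing looks machine-driven.

    For each pair the inter-request gaps are computed; a low coefficient of
    variation (stdev / mean) over at least min_events requests means the
    spacing is nearly constant. Destination reputation is deliberately not
    consulted, because the destination is an allowed cloud service.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            when, client, host = parse_line(line)
            seen[(client, host)].append(when)

    hits = []
    for (client, host), times in seen.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.stdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"client": client, "host": host, "events": len(times),
                         "mean_interval": mean, "cv": cv})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['client']} -> {hit['host']}: {hit['events']} requests, "
              f"every {hit['mean_interval']:.0f}s, cv={hit['cv']:.3f}")
```

On the constructed log only the polling workstation is reported; the browsing workstation reaches the same host but its gaps vary by orders of magnitude. In production, run the same calculation per hour over a sliding window, and treat a hit as a lead for host triage rather than as proof, since legitimate agents (update checkers, mail clients) also poll at fixed intervals.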

The BUBBLEWRAP Trojan, also known as Backdoor.APT.FakeWinHTTPHelper, is one more instance of the ongoing espionage activity by China-based hackers against nearby government and business networks of interest to them. While few wealthy countries can claim clean hands regarding similar attacks, the real shame of the BUBBLEWRAP Trojan campaign is how readily employees open a suspicious attachment.
