Catchamas

Posted: March 30, 2020

Catchamas is a Trojan that specializes in collecting information from the infected host. It is believed to be a part of the hacking tools that the Thrip APT (Advanced Persistent Threat) group uses. These hackers specialize in attacks against the healthcare industry, but their targets also include organizations in the military, media and telecommunications sectors. The group's activity is concentrated in South East Asia, and Catchamas is just one of the many hacking tools they use alongside other threats such as Sagerunex, Evora, and Hannotog.

The Catchamas infostealer is likely to be deployed to the infected host with the help of one of the backdoor Trojans listed above. Once Catchamas is active, it may hide its components by adopting the name 'NetAdapter' – a fake service that may leave the victim with the impression that it is related to their Internet connection. There is no such thing as a NetAdapter Windows Service, and this is simply a bogus name meant to mislead users into thinking that this is a legitimate Windows component.

The Catchamas Infostealer Focuses on Cryptocurrency Wallets

Catchamas gains persistence by adding the NetAdapter component as an automatic startup entry in the Windows Registry, as well as by configuring a new Windows service that is programmed to start when the operating system boots up. Once Catchamas is loaded, it may begin to collect the following information from the infected host:

  • Information stored in the clipboard.
  • Titles of application and browser windows. The infostealer may grab screenshots or initiate the keylogging module if the title contains a specific keyword.
  • Information about the host's network configuration.
  • '.db' and '.bmp' files.

The Catchamas infostealer is likely to be used in long-term espionage and reconnaissance campaigns that target Thrip's usual victims – the healthcare, media, telecommunications, military and defense industries.

Although Catchamas is custom-built malware used by just one cybercrime organization, a reputable anti-virus software suite is very likely to be more than enough to identify and halt this threat before it manages to complete its tasks.
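The persistence described above (a bogus 'NetAdapter' service plus a Registry startup entry) can also be checked by hand on a Windows host. The script below is an added example, not part of the original write-up; it assumes the startup entry sits in one of the standard Run keys, since the page does not say which key Catchamas uses, and the function names are illustrative.

```powershell
# Added example: look for the 'NetAdapter' persistence artifacts on the local host.
# Assumption: the Registry startup entry is in a standard Run key (not stated on the page).
$Name = 'NetAdapter'

function Find-NetAdapterService {
    # Exact match on the service short name or display name; PathName and
    # StartMode show which binary is launched and whether it starts at boot.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -eq $Name -or $_.DisplayName -eq $Name } |
        Select-Object Name, DisplayName, StartMode, State, PathName
}

function Find-NetAdapterRunEntry {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $command = [string]$item.GetValue($valueName)
            # Substring match on the value name or the command it runs;
            # hits are leads for manual review, not a verdict.
            if ($valueName -like "*$Name*" -or $command -like "*$Name*") {
                [pscustomobject]@{ Key = $key; ValueName = $valueName; Command = $command }
            }
        }
    }
}

$services   = @(Find-NetAdapterService)
$runEntries = @(Find-NetAdapterRunEntry)

if ($services.Count -eq 0 -and $runEntries.Count -eq 0) {
    Write-Output "No '$Name' service or Run entry found."
} else {
    if ($services.Count -gt 0)   { $services   | Format-List }
    if ($runEntries.Count -gt 0) { $runEntries | Format-List }
}
```

The HKCU key only covers the account running the script, so run it per user or from an elevated session that loads the relevant hives.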