Home Malware Programs Trojans Catchamas


Posted: March 30, 2020

Catchamas is a Trojan that specializes in collecting information from the infected host. It is believed to be a part of the hacking tools that the Thrip APT (Advanced Persistent Threat) group uses. These hackers specialize in attacks against the healthcare industry, but their targets also include organizations in the military, media and telecommunications sectors. The group's activity is concentrated in South East Asia, and Catchamas is just one of the many hacking tools they use alongside other threats such as Sagerunex, Evora, and Hannotog.

The Catchamas infostealer is likely to be deployed to the infected host with the help of one of the backdoor Trojans listed above. Once Catchamas is active, it may hide its components by adopting the name 'NetAdapter' – a fake service that may leave the victim with the impression that it is related to their Internet connection. There is no such thing as a NetAdapter Windows Service, and this is simply a bogus name meant to mislead users into thinking that this is a legitimate Windows component.

The Catchamas Infostealer Focuses on Cryptocurrency Wallets

The Catchamas gains persistence by adding the NetAdapter component as an automatic startup entry in the Windows Registry, as well as by configuring a new Windows service that is programmed to start when the operating system boots up. Once Catchamas is loaded, it may begin to collect the following information from the infected host:

  • Information stored in the clipboard.
  • Monitor titles of application and browser windows – the infostealer may grab screenshots or initiate the keylogging module if the title contains a specific keyword.
  • Collect information about the host's network configuration.
  • Collect '.db' and '.bmp' files.

The Catchamas infostealer is likely to be used in long-term espionage and reconnaissance campaigns that target Thrip's usual victims – the healthcare, media, telecommunications, military and defense industries.

Although Catchamas is a custom-built piece of malware being utilized by just one cybercrime organization, it is very likely that a reputable anti-virus software suite should be more than enough to identify and halt this threat before it manages to complete its tasks.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Catchamas may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.