
CREAMSICLE

Posted: April 18, 2019

CREAMSICLE is a Trojan downloader that can drop other threats onto your system. The threat actors using this Trojan are known for targeting Asian regions and for sophisticated methods of introducing backdoor Trojans and spyware. Users should maintain strict security protocols for segregating at-risk devices from secure ones and use anti-malware products to detect and uninstall CREAMSICLE infections.

A Dessert Trojan to Go (Wherever It Wants)

APT30, a threat actor with years of experience in state-level cyber-espionage, uses an array of tools for coordinating attacks against victims and collecting their information. While their most innovative development is the breaching of air-gap-protected hardware, their Trojans, worms, and other threats are comprehensive utilities for compromising both workplace and home PCs. CREAMSICLE, like its fellow Trojan downloader BACKBEND, offers a look at the 'middleman' side of their operations.

CREAMSICLE usually compromises the PC after the victim opens a corrupted e-mail attachment or otherwise falls for a tactic, which may include content crafted specifically for their interests or job position. Typical infection methods may not deliver CREAMSICLE directly and instead conceal it inside a Trojan dropper to maximize stealth. CREAMSICLE then downloads and installs other threats.

Like any Trojan downloader, malware researchers find few restrictions on what attacks CREAMSICLE could enable through its file-transferring and launching features. The APT30 group is, however, concentrating on espionage-related threats. The programs in question are numerous and often updated, with examples including FLASHFLOOD (which copies files and system information) and the backdoor Trojan BACKSPACE.

Melting the Ice-Cold Trojan-On-A-Stick

Because APT30 is known to compromise removable devices, users shouldn't share USB drives or other removable storage between their personal and work systems. Besides the danger of having portable data collected, threats that CREAMSICLE helps install could compromise the drive and, from there, infiltrate an ordinarily secure computer. Windows users are at somewhat more risk of attacks from CREAMSICLE's threat actors.

Once it's active, CREAMSICLE can drop any number of other threats onto your computer, including ones that grant threat actors control over the user interface and the ability to collect keystrokes and screen contents. However, traditional attacks will use well-known tactics to trick a victim into lowering their guard, such as sending an e-mail message with an attached document that exploits a vulnerability. Let your anti-malware products scan new files to remove CREAMSICLE or the Trojan droppers that deliver it, and always verify your sources before trusting a suspicious-looking link.

CREAMSICLE, BACKBEND and their relatives are the utility knives of a threat actor's toolkit: they deliver versatile means of dismantling the obstacles that security measures impose. Since APT30 is more than a little successful at doing so, users in Asia and the rest of the world should take note and read their e-mails with care.
