
EvilGrab

Posted: September 20, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 62
First Seen: September 20, 2013
OS(es) Affected: Windows

EvilGrab is a backdoor Trojan currently being deployed mainly against Chinese and Japanese government institutions. The Chinese targets are notable, since many similar espionage campaigns have been attributed to the Chinese government itself. EvilGrab includes some advanced features, such as injecting itself into the processes of certain anti-virus programs, but its primary goal is typical of this kind of campaign: the theft of confidential information by any of several methods. SpywareRemove.com malware experts warn that audio, video and text-based data are all at risk from EvilGrab, and that only reputable, up-to-date anti-malware software should be used to find and delete EvilGrab from an affected PC.

EvilGrab: a Fitting Name for Another Espionage Trojan

EvilGrab is a backdoor Trojan with many functions for grabbing your confidential information. Most PC users, however, are unlikely to encounter it, since the campaign that deploys EvilGrab currently appears to target government systems exclusively. China and Japan are by far the most affected, but EvilGrab infections also have been reported well outside Asia, in countries such as Canada and South Africa.

SpywareRemove.com malware experts usually find that backdoor Trojans of EvilGrab's kind spread through e-mail messages, and EvilGrab follows the same pattern. The messages are disguised as communications from legitimate sources, and opening the attached file as requested may infect the target PC with EvilGrab. Many versions of EvilGrab also delete their original installer as part of their concealment strategy, which further relies on injecting code into the processes of unrelated programs.

EvilGrab includes many of the usual spyware attacks that SpywareRemove.com malware researchers are well familiar with, such as:

  • Keylogging, AKA recording your typed information to a text file.
  • Capturing screenshots.
  • Stealing information from social networking programs like Tencent QQ.
  • Stealing information from major Web browsers (Internet Explorer) or e-mail clients (Microsoft Outlook).
  • Capturing video data with Microsoft's DirectShow features. Wave API similarly is used to grab audio-based information.

Swatting the Grasp of EvilGrab Away from Your Government

EvilGrab components often are detected under aliases including BKDR_HGDER, BKDR_NVICM and BKDR_EVILOGE, and usually are delivered as DLL files, which helps them pass as ordinary program components. To detect and remove all components of EvilGrab accurately, SpywareRemove.com malware researchers recommend using updated anti-malware software, preferably from a vendor whose products EvilGrab is not known to target with its injection attacks.

Because the e-mail attacks that install EvilGrab usually rely on exploits for Microsoft Excel, Microsoft Word or Adobe PDF files, keeping those applications patched, and not opening such documents from unexpected senders, provides some protection against EvilGrab infections. SpywareRemove.com malware researchers also recommend scanning any suspicious attachment before opening it as an easy safeguard against EvilGrab installers.
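The attachment check recommended above can be automated at the mail gateway. The following Python script is an added example, not code from this article or from any anti-malware vendor: it parses a raw e-mail, pulls out each attachment, and flags the Office and PDF document types the campaign is described as using, any attachment whose content bytes do not match its claimed extension (for instance a Windows executable or DLL renamed to .doc), and any file whose SHA-256 is on a local blocklist. The sample message, the blocklist digest and the allow/review/block policy are constructed for illustration and are not EvilGrab indicators.

```python
"""Mail attachment triage for document-borne malware lures.

Added example; the sample message, blocklist digest and policy are
constructed for illustration and are not indicators of any real sample.
"""
import email
import hashlib
import os
from email import policy
from email.message import EmailMessage

# Document types the article names as the usual exploit carriers.
LURE_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf"}

# Leading bytes of the container formats behind those extensions, plus the
# Windows PE header that a renamed EXE/DLL would carry.
MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy .doc / .xls
    b"PK\x03\x04": "zip",                         # .docx / .xlsx (OOXML)
    b"%PDF-": "pdf",
    b"MZ": "pe",                                  # .exe / .dll
}

# Which sniffed format each lure extension is allowed to contain.
EXPECTED_FORMAT = {".doc": {"ole2"}, ".xls": {"ole2"},
                   ".docx": {"zip"}, ".xlsx": {"zip"}, ".pdf": {"pdf"}}

# Constructed blocklist: a digest the organisation already has on file.
KNOWN_BAD_BYTES = b"MZ" + b"\x90" * 62 + b"constructed-known-bad-sample"
BLOCKED_SHA256 = {hashlib.sha256(KNOWN_BAD_BYTES).hexdigest()}


def sniff_format(data: bytes) -> str:
    """Identify the container format from leading bytes, not the filename."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict record for one attachment: allow, review or block."""
    ext = os.path.splitext(filename)[1].lower()
    fmt = sniff_format(data)
    digest = hashlib.sha256(data).hexdigest()
    hard, soft = [], []
    if digest in BLOCKED_SHA256:
        hard.append("sha256 on blocklist")
    if fmt == "pe":
        hard.append(f"Windows executable (MZ header) named {filename!r}")
    expected = EXPECTED_FORMAT.get(ext)
    if expected and fmt not in expected:
        hard.append(f"{ext} extension but content sniffed as {fmt}")
    if ext in LURE_EXTENSIONS and not hard:
        soft.append("document type used as exploit carrier; detonate in a sandbox before opening")
    verdict = "block" if hard else "review" if soft else "allow"
    return {"filename": filename, "sha256": digest, "format": fmt,
            "verdict": verdict, "reasons": hard + soft}


def triage_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and triage every attachment part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        results.append(triage_attachment(name, data))
    return results


def build_sample_message() -> bytes:
    """Constructed lure: a benign-looking PDF, a renamed executable, a real XLS."""
    msg = EmailMessage()
    msg["From"] = "press-office@example.invalid"
    msg["To"] = "analyst@example.invalid"
    msg["Subject"] = "Meeting agenda"
    msg.set_content("Please see the attached documents.")
    msg.add_attachment(b"%PDF-1.4\n%constructed placeholder\n",
                       maintype="application", subtype="pdf", filename="agenda.pdf")
    msg.add_attachment(KNOWN_BAD_BYTES,
                       maintype="application", subtype="msword", filename="agenda.doc")
    msg.add_attachment(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 32,
                       maintype="application", subtype="vnd.ms-excel", filename="budget.xls")
    return msg.as_bytes()


if __name__ == "__main__":
    for record in triage_message(build_sample_message()):
        print(record["verdict"].upper(), record["filename"], "|", "; ".join(record["reasons"]))
```

The content sniffing is the part that matters: a filter that trusts the extension or the declared MIME type lets a renamed DLL through, while this check blocks it outright and routes genuine Office and PDF documents to sandbox detonation rather than to the user's desktop.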
