Posted: June 12, 2019

IPStorm Description

IPStorm is a Trojan botnet or decentralized network of infected computers. IPStorm can execute arbitrary PowerShell code for conducting various attacks, such as installing another Trojan, DDoSing a server or mining cryptocurrency. Users can IPFS-based traffic as a workaround for stopping its C&C communications until they remove IPStorm with an appropriate anti-malware tool.

Trojans Going Interplanetary

Decentralization is a useful structural philosophy for law-abiding citizens and criminals alike, and it should surprise few readers that user-based networks like torrents reappear in Trojan campaigns very regularly. A rising botnet is taking full advantage of everything that the lack of a centralized server authority has to offer – by hijacking a normally-legitimate network service and turning it into a series of C&Cs. Although service-hijacking has taken place before, IPStorm is the first case that malware experts can confirm of IPFS being the target of this misuse.

IPFS, or the Interplanetary File System, is a torrent-like protocol and network whose newsworthy uses include providing access to resources like Wikipedia for residents of countries whose ISPs are blocking it, as well as the Filecoin cryptocurrency. IPStorm hides its Command & Control communications behind the guise of this 'normal' peer-to-peer traffic, which could fool a variety of networking analysis tools, AV products and ordinary PC users. IPStorm is in the wild and, although its botnet is a small one of under three thousand compromised Windows machines, malware experts rate its future growth as being, potentially, explosive.

Other traits of IPStorm are in line with those of similarly professionally-designed, Black Hat 'business' software. It uses a compartmentalized, modular setup that makes swapping payloads and selective update deliveries friendly for the criminals. It runs PowerShell commands for executing various attacks and may sleep or hibernate periodically. The Trojan also tends towards hiding its components under the names of companies like Microsoft or Adobe.

Settling Down the Invading Storm

IPStorm offers a possible threat to more than just Windows users. Recent examinations of its samples imply that the developers, whose identities are unknown, are considering porting the Trojan over to other operating systems like Linux and MacOS. This Go-based Trojan is using infection strategies that, like the names of its authors, remains questionable, and malware experts only can recommend general precautions, such as disabling RDP and using non-brute-forcible passwords.

Possible payloads arriving through IPStorm include the following, among other, less likely options:

  • Distributed-Denial-of-Service (DDoS) attacks for crashing external servers.
  • Dropping high-level threats such as AZORult spyware, backdoor Trojans or Ransomware-as-a-Service families.
  • Hijacking the CPU and GPU for mining cryptocurrency.

Although not all of these dangers direct themselves towards the PC's user, most of them include invasive and unwanted side effects, including risks of damage to your hardware or files. Anti-malware services should have updated databases for eliminating IPStorm accurately since it's identifiable by no more than one out of every two AV vendors currently.

The Interplanetary Storm or IPStorm Trojan may be getting its brand and philosophical inspiration from Storm, another peer-to-peer threat from years ago. Old tricks of technological warfare, if still applicable, will see themselves recycled over and over again – until they stop working against protected users.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to IPStorm may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.