
JasperLoader

Posted: April 18, 2019

JasperLoader is a Trojan downloader that can download and install other threats automatically. Typical deliveries for this threat involve spyware that collects bank account information, tampers with your Web browsing and gives threat actors a backdoor into your computer. Keep anti-malware products ready for removing JasperLoader infections promptly, and be prepared to change passwords or other credentials that its attacks could hand over to criminals.

The Cursed Gemstone that Thieves Give to You

A commonality in the many attacks of threat actors is their dependence on thoroughly analyzed delivery mechanisms, which are the foundation of campaigns as different as APT30's espionage through CREAMSICLE downloads and the much more primitive advertising fraud of Miuref. JasperLoader is another demonstration of a Trojan that could deliver multiple threats automatically but specializes in a software-based thief.

JasperLoader is a Trojan downloader, which distinguishes itself from a Trojan dropper by retrieving its payload from the threat actor's server. Attacks using JasperLoader leverage its presence for installing a banking Trojan, which most sources refer to as GootKit, although a minority use the alias GoodKit instead. The Trojan downloader uses VBScript (Visual Basic Script) for running on Windows machines, and most cyber-security products identify it generically rather than by its name.

While malware researchers are confident in delineating JasperLoader's payload as concerning just the downloading and running of other threats, GootKit is more invasive and specific. The banking Trojan modifies bank account domains for luring users into providing extra, confidential information, and intercepts bank credentials like passwords and login names. These attacks let threat actors access the account and transfer money, usually emptying the victim's funds. Any other accounts or services that share the same login information will be at similar risk.

Cracking JasperLoader under the Hammer of Your Security

Enterprise-level users and website administrators can consider implementing firewall rules that block corrupted IPs and domains automatically, which may hinder some of JasperLoader's downloading functionality. For average PC owners, identifying and heading off a potential infection is far simpler and more likely to succeed. Under most circumstances, JasperLoader's attacks will have no symptoms of any substance, although GootKit may change your browser's behavior by creating unusual prompts or redirecting you to another site.

Most infections require disabling network connectivity, both for limiting any spread of the threat elsewhere and for keeping it from downloading files, uploading information, or receiving C&C instructions. This precaution is highly relevant to a Trojan downloader like JasperLoader, which, unlike a Trojan dropper, can't install new threats as long as it's offline. Users should place a high priority on uninstalling JasperLoader and GootKit through appropriate anti-malware services before dealing with any of the other fallout from infection.
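The two defensive steps above, an egress block list and taking the host offline, can be scripted on Windows. The following PowerShell is an added example written for this page, not code from the page's author or from any vendor; the IP addresses and the domain it uses are constructed placeholders (RFC 5737 TEST-NET ranges and a `.invalid` name), not JasperLoader indicators, so replace them with indicators from your own threat intelligence. The rule name `Block-TrojanDownloader-C2` and the function names are assumptions of this example.

```powershell
# Added example (not from the page): egress blocking, DNS sinkholing and host
# isolation helpers for a Trojan downloader incident. Run from an elevated shell.
#Requires -RunAsAdministrator

# CONSTRUCTED placeholders, not real indicators. Replace with your own IoCs.
$BlockedEgress  = @(
    '192.0.2.10',       # placeholder (RFC 5737 TEST-NET-1)
    '198.51.100.0/24'   # placeholder (RFC 5737 TEST-NET-2)
)
$SinkholeDomains = @('payload-host.invalid')   # placeholder (.invalid TLD)

function Block-KnownBadEgress {
    # Creates one outbound block rule covering every listed address or CIDR.
    param(
        [Parameter(Mandatory)] [string[]] $RemoteAddress,
        [string] $RuleName = 'Block-TrojanDownloader-C2'   # assumed name
    )
    # Drop a stale copy first so re-running updates the rule instead of duplicating it.
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Outbound -Action Block `
        -RemoteAddress $RemoteAddress -Profile Any -Enabled True
}

function Add-HostsSinkhole {
    # Windows Firewall filters by address, not name, so known-bad domains are
    # pointed at 0.0.0.0 in the hosts file to stop name resolution locally.
    param([Parameter(Mandatory)] [string[]] $Domain)
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $existing = Get-Content -Path $hosts -ErrorAction SilentlyContinue
    foreach ($d in $Domain) {
        $entry = "0.0.0.0 $d"
        if ($existing -notcontains $entry) {
            Add-Content -Path $hosts -Value $entry
        }
    }
}

function Disable-HostNetwork {
    # Takes the machine offline so the downloader can neither fetch its payload
    # nor receive C&C instructions. Supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.Name, 'Disable network adapter')) {
            Disable-NetAdapter -Name $_.Name -Confirm:$false
        }
    }
}

# Usage: containment first, full isolation once cleanup is about to start.
Block-KnownBadEgress -RemoteAddress $BlockedEgress
Add-HostsSinkhole -Domain $SinkholeDomains
Disable-HostNetwork -WhatIf     # drop -WhatIf to actually disconnect the host
```

The firewall rule and hosts-file entries are preventive and cheap to roll back; disabling the adapters is the blunt step the text describes for an active infection, which is why the example leaves it on `-WhatIf` until an operator decides to isolate the machine.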

JasperLoader's name is a mineralogy reference that brings to mind riches, and that's what it's after. That it's using a second Trojan for collecting information, instead of gems, doesn't make it any less threatening than an Old World highwayman-robber.
