Posted: July 11, 2019


KASPERAGENT is a backdoor Trojan that can download other threats or collect information from your computer. This Trojan is in use only by APT-C-23, a threat actor that targets high-priority victims in North American and Middle Eastern nations. After an infection, users should disable Internet connections to stop any communication with the C&C server, and use a dedicated anti-malware tool to remove KASPERAGENT safely.

E-mailing an Agent of Security Problems

Following a phishing tactic to the end of its trail generally leads to a Trojan at the destination. The ongoing relevance of this simple social engineering tactic shows that it retains its potency against highly-placed victims, even in state-versus-state operations. Such is the case with KASPERAGENT, just one of the multiple threats in Two-tailed Scorpion's range of black hat programs.

E-mail messages carrying delivery vehicles for KASPERAGENT generally use custom-crafted content to trick users into opening links obscured by URL shorteners (such as Bit.ly) and then opening a corrupted RAR archive. The installation process opens a 'real' document, but also implants KASPERAGENT or a related threat, such as MICROPSIA, in the background.
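The delivery chain described above (shortened link, then a RAR archive download) can be hunted for in web-proxy logs. The following is an added example, not part of the original article: the log format, the sample lines, the shortener hosts other than Bit.ly and the 120-second window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed shortener hosts; Bit.ly is the only one named in the article.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
RAR_TYPES = {"application/x-rar-compressed", "application/vnd.rar"}
WINDOW = timedelta(seconds=120)  # assumed correlation window

# Constructed sample proxy log: time, client, status, content type, URL
SAMPLE_LOG = """\
2019-07-11T09:00:01 10.0.0.5 301 text/html http://bit.ly/EXAMPLE1
2019-07-11T09:00:03 10.0.0.5 200 application/x-rar-compressed http://files.example.test/report.rar
2019-07-11T09:05:00 10.0.0.7 301 text/html http://bit.ly/EXAMPLE2
2019-07-11T09:05:02 10.0.0.7 200 text/html http://news.example.test/story.html
2019-07-11T10:30:00 10.0.0.9 200 application/vnd.rar http://intranet.example.test/backup.rar
"""

def parse(line):
    ts, client, status, ctype, url = line.split()
    return datetime.fromisoformat(ts), client, int(status), ctype, url

def is_rar(ctype, url):
    # Match on declared content type or on a .rar path (either may be missing)
    return ctype in RAR_TYPES or urlsplit(url).path.lower().endswith(".rar")

def find_chains(log_text, window=WINDOW):
    """Return (client, short_url, rar_url) tuples where a RAR download
    follows a shortener redirect from the same client within `window`."""
    last_short = {}  # client -> (time, shortened URL) of latest redirect
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, status, ctype, url = parse(line)
        host = (urlsplit(url).hostname or "").lower()
        if host in SHORTENERS and 300 <= status < 400:
            last_short[client] = (ts, url)
        elif is_rar(ctype, url) and client in last_short:
            seen, short_url = last_short[client]
            if ts - seen <= window:
                hits.append((client, short_url, url))
    return hits

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print("review:", *hit)
```

A hit is a lead for analyst review rather than a verdict; the archive itself still needs scanning.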

Because KASPERAGENT has multiple variants at differing levels of programming development, malware experts can't confirm all security risks from infections. By default, KASPERAGENT includes additional Trojan-downloading functionality and a standard backdoor that collects system information and notifies the threat actor of the successful attack. However, it may also include extra features: keylogging, screengrabbing, credential theft, copying files for collection, and processing system commands.

Readers should note that malware experts find no connection between KASPERAGENT and the AV company Kaspersky Labs. The Trojan's name derives from an internal PDB text string.

Authorizing Self-Agency Over One's Network Security

Users can protect their networks from KASPERAGENT attacks by not clicking on shortened URLs without first verifying their safety through appropriate security solutions or other methods. Most active AV products should also identify the Trojan dropper inside the archives. Phishing tactics often use content that's highly specific to the target, and users should anticipate exploits that refer to their organization, industry and even employee names.

Malware researchers also connect KASPERAGENT's threat actor, Two-tailed Scorpion or APT-C-23, to substantial investments in websites built for its tactics. These sites may use themes such as free Flash games or local news to disguise their corrupted content and drive-by-downloads. Disabling features like Flash or JavaScript will help protect your browser, and Web surfers should continue scanning all downloads before opening them.

Old versions of KASPERAGENT use the disguise of a fake Adobe 'Cinema Video Player,' although new variants will almost certainly hide under different names. Anti-malware services should have their databases kept up-to-date so they can delete KASPERAGENT accurately and as soon as possible.

KASPERAGENT's growth from its early state of downloading specialization into generalized spyware is something that all government and business employees should keep well in mind. Trojans,
