
LOWBALL Trojan

Posted: April 12, 2019

The LOWBALL Trojan is a Trojan downloader that the hacker group admin@338 uses to compromise targets and determine whether to escalate the attack by introducing other threats. Infection can result in the attackers gaining control over the PC and its network via related Trojans, and, by itself, the program can upload or download files at will. Have your anti-malware products remove the LOWBALL Trojan as soon as they identify it, and maintain network security standards for infection prevention.

When Lowballing One's E-mail Safety Comes at a Price

As often as hackers abuse it, e-mail remains a viable channel for launching attacks that serve as shortcuts to installing threatening software. The China-based group of hackers, admin@338, shows the usual strategies through which an e-mail message can turn into a delivery method for a payload like the LOWBALL Trojan, which forms the first of multiple steps in dismantling the system's security. The LOWBALL Trojan's history is also notable for another factor: its hijacking of public services for private, Black Hat interests.

Most e-mail messages in use by these threats use native-speaker-quality English, Chinese or other languages that are specific to the target. They forge contents with similarly high applicability to the expected reader, such as a political event, and deliver document-based attachments with vulnerabilities for dropping the LOWBALL Trojan. Through the LOWBALL Trojan, which contacts admin@338 through Dropbox services, the attacker may then choose to issue other commands or install other threats, or refrain from escalating the situation due to a low level of interest in the victim's system.

While the LOWBALL Trojan isn't the first threat with a propensity for hijacking cloud services, its disguise is a traditionally effective way of working around security protocols that would block more obviously corrupted kinds of traffic to an unauthorized server. Other features that malware experts conclude are present include ones for file management, such as downloading and uploading, although the threat's primary purpose is acting as a 'middle man' for planting more advanced hacking tools in the system.

Going High When Trojans Go Low

The consequences and security issues of a LOWBALL Trojan infection include far more than its immediate capabilities or attacks. While the LOWBALL Trojan is relatively limited in scope, it serves its purpose of delivering more advanced, invasive, and potentially noisy (and, thus, detectable) Trojans, like the BUBBLEWRAP Trojan. A remote attacker might, from there, collect confidential information like passwords, compromise other network-available systems or coordinate other attacks.

Malware researchers recommend watching e-mail traffic especially closely for any signs of forgeries or other attacks. Most 'carrier' messages will be tailor-made for the receiver and will include attached documents with embedded exploits. Patching Word and other software can remove most of the non-zero-day exploits and prevent attacks, while anti-malware products come with features for finding and deleting the LOWBALL Trojan.

Some companies may choose to blacklist public services rather than leave a cloud vulnerability in place for criminals to abuse. However, the LOWBALL Trojan is one of many ways of implementing the same technique, and blocking every possible weakness, in turn, may be impractical for even the most sensitive of networks.
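
A narrower control than blocking the service outright, as an added example that is not part of the original article: flag cloud-storage connections made by processes that have no reason to talk to the service, such as a document editor. The log layout, domain suffixes and process names are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Assumptions (not from the article): domain suffixes, process names and the
# log layout are illustrative and must be tuned to the local environment.
CLOUD_SUFFIXES = ("dropbox.com", "dropboxapi.com")
EXPECTED_PROCESSES = {"dropbox.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample of endpoint network-connection telemetry.
SAMPLE_LOG = """\
timestamp,host,process,dest_domain,bytes_out
2019-04-12T09:00:01,WS-014,Dropbox.exe,client.dropbox.com,5120
2019-04-12T09:02:10,WS-014,chrome.exe,www.dropbox.com,2048
2019-04-12T09:05:42,WS-027,WINWORD.EXE,api.dropboxapi.com,880
2019-04-12T09:05:50,WS-027,helper.exe,content.dropboxapi.com,734003
2019-04-12T09:06:00,WS-031,chrome.exe,example.org,300
"""


def is_cloud_storage(domain):
    """True when the domain is a monitored suffix or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == s or domain.endswith("." + s) for s in CLOUD_SUFFIXES)


def find_unsanctioned_cloud_traffic(log_text):
    """Group cloud-storage connections made by unexpected processes."""
    findings = defaultdict(lambda: {"domains": set(), "bytes_out": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        process = row["process"].lower()
        if not is_cloud_storage(row["dest_domain"]):
            continue
        if process in EXPECTED_PROCESSES:
            continue  # sanctioned sync client or a browser using the web UI
        entry = findings[(row["host"], process)]
        entry["domains"].add(row["dest_domain"].lower())
        entry["bytes_out"] += int(row["bytes_out"])
    return dict(findings)


if __name__ == "__main__":
    results = find_unsanctioned_cloud_traffic(SAMPLE_LOG)
    for (host, process), info in sorted(results.items()):
        print(host, process, sorted(info["domains"]), info["bytes_out"])
```

Matching on the domain suffix with a leading dot keeps lookalike names from being treated as the monitored service.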
