Megumin Trojan

Megumin Trojan Description

The Megumin Trojan is a cyber-threat that has been sold on underground hacking forums since early 2018. However, it never gained much popularity until recently – apparently, the spike in the Megumin Trojan’s popularity coincided with the release of an updated version of this threat. The new version is also written in C++, and it packs an interesting list of features that would allow its operator to steal clipboard data, execute Distributed-Denial-of-Service (DDoS) attacks, mine for cryptocurrency, execute DOS commands, load other files onto the compromised system and collect files from victims.

The authors of the Megumin Trojan have implemented some basic checks to reduce the chances that the Trojan will be run in a debugging environment, therefore making it more difficult for malware researchers to dissect and examine it slightly. Upon launch, the Megumin Trojan may check the titles of currently opened Windows to look for commonly used malware debugging tools – IDA, OllyDbg, ImmunityDebugger, Wireshark, HTTP Analyzer and others. In addition to this, it checks a specific field of data in the Process Environment Block that may give out the presence of a debugging environment.

The Megumin Trojan acquires persistence by creating a scheduled Windows task, as well as by modifying the Windows Registry. The remote attacker can control it with the use of a series of commands that allow them to take advantage of all of the Megumin Trojan’s features.

The ability to run miners on infected computers and collect/replace clipboard data certainly seems like the features with the biggest potential – the Megumin Trojan supports AMD and NVIDIA GPU mining, as well as CPU mining. It can monitor the clipboard for wallets linked to a broad range of cryptocurrencies, and replace the wallet with the one configured by the attacker. Last but not least, the ‘Clipper’ module of the Megumin Trojan also is used to modify transactions linked to QIWI,, Ya.disk, and Steam.

The rich list of features and the convenient online control panel turns the Megumin Trojan into a threat to be very wary of, especially since any criminal with some money in their pocket can start using it. We advise you to take the required steps to eliminate security risks, as well as to install a suitable anti-virus software suite that will keep you safe from potentially harmful files and connections.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Megumin Trojan may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: May 7, 2019
Home Malware Programs Trojans Megumin Trojan

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.