
Mikey

Posted: April 28, 2016

The Mikey Trojan is a Trojan dropper of the kind that we have seen employed by the creators of threats like the TeslaCrypt Ransomware and the Punkey Malware. Security researchers report that the Mikey Trojan is delivered to users via fake driver updates, spam mail and pirated software. The multiple avenues of propagation allow the Trojan dropper to spread quickly and infect many users on a global scale. The Mikey family of Trojan droppers is designed to use port 8080 and download other threats from compromised servers that may host information-collecting applications and Remote Access Trojans (RATs) like NanoCore.

Variants of the Mikey Trojan dropper may be difficult to detect and remove because they are programmed to copy themselves all over the infected hard drive. Many versions of the Mikey Trojan may alter the runtime parameters of the Windows msiexec.exe process and place corrupted DLL files in the system32 folder to install threats silently. Moreover, the binary that is downloaded by the Mikey Trojan dropper may be signed with a misappropriated digital signature to bypass the native code-signing protection in the latest versions of Windows. The Mikey Trojan dropper may incorporate an AutoIt script to sustain its operations and obstruct manual removal. The Mikey Trojan may hide its communications with its 'Command and Control' server by injecting code into the running instance of Internet Explorer, Mozilla Firefox, Opera and Google Chrome. The Mikey malware may allow its operators to compromise corporate networks and small businesses, which may make it a threat to both individual users and organizations. Security researchers advise users to incorporate a strong anti-malware shield to repel attacks with the Mikey Trojan dropper and ensure that their local and network hard drives are protected.
