
Proton Malware

Posted: August 31, 2020

The Proton Malware is a backdoor Trojan and spyware, also known as Calisto. The Proton Malware targets Apple's old OS X operating system and provides attackers with admin control and collects passwords. Users should remove the Proton Malware and related threats through standard anti-malware services while cleaning up any infection side effects, such as passwords in non-secure text files.

Seemingly Extinct Trojans Leaving a Lingering Poison

The Proton Malware is a semi-famous Trojan and spyware combination that gained notice from the cyber-security industry due to its innovative choice of infection methods and unusual demographics. Besides being specific to the OS X builds of Apple's operating system, the Trojan also has the unusual property of gaining victims by circulating inside the installers of legitimate software. Once it's in, it collects data – and may make that information more accessible for others to collect later, even if the user removes the Trojan.

The Proton Malware differs from most threats with bundle-based distribution models by not using torrents or threatening applications. Incidents in 2016 and 2017 show that its threat actor compromised legitimate sites offering OS X software downloads and modified the installers, as in the attacks against the Handbrake DVD ripper, Elmedia Player, and Internet Security X9. Since the downloads happen on a 'safe' site, the Proton Malware achieves distribution easily, with a request for admin access being the only warning.

The Proton Malware is an information thief that also offers a generic backdoor for remote access to attackers, although its last known servers aren't functional now. It specializes in uploading passwords to the threat actor, but it places them in unprotected text files before doing so. Even if the Trojan isn't present anymore, any threat actor accessing the computer could find these files and collect the same data, thereby hijacking the associated accounts.

Wiping Out a Particle of a Problem

The Proton Malware's infrastructure isn't compatible with modern versions of Apple's macOS. Besides having defunct C&C servers, the Trojan also struggles against the SIP feature, or System Integrity Protection, of Mac OS X 10.11 and later. However, even these systems remain at risk from the Proton Malware's collection of sensitive credentials and its habit of leaving the data in unprotected locations. Users may search for the related CRD and DAT files and should remove them if found.

The canniness of the Proton Malware's campaign also shows why security requires a mindset that extends beyond avoiding torrents and illegal websites. Although all notable cases received prompt correction from website administrators, who replaced the compromised downloads with 'clean' installers, it's unknown how many users downloaded the compromised software versions beforehand. Users can protect themselves preemptively by scanning all downloads with anti-malware tools and should be careful about any requests for passwords or admin login information.

Malware experts recommend keeping all trusted security services up-to-date to compensate for any possible revisions to this threat. Always have a dedicated anti-malware product delete the Proton Malware as soon as possible, and change any potentially-collected passwords.

Supply-chain attacks are among the most sophisticated techniques that hackers have for infecting computers and taking what's on them. The Proton Malware is a textbook case of how easily mentally whitelisting a website can betray a computer user, even if the company that owns the domain is entirely above-board.
