
Pterodo

Posted: February 7, 2020

Pterodo is a piece of malware that is being used by just one cybercrime group – the Gamaredon hackers, who are suspected to be Russian cybercriminals. The Gamaredon Group has been involved in numerous high-profile attacks against various industries, and their primary targets appear to be based in Ukraine. Pterodo is one of the most frequently used tools in their arsenal, and this particular malware family is closely related to another backdoor Trojan that the Gamaredon hackers have used in the past – Pteranodon.

Pterodo also operates as a backdoor, but it has fewer features when compared to the fully-fledged Pteranodon backdoor. According to cybersecurity experts, the primary purpose of Pterodo is to collect information about the infected host and enable the attackers to deploy additional malware onto the compromised network.

Gamaredon Hackers Use Pterodo against Ukrainian Targets

One of the latest hacking campaigns to involve the Pterodo malware targeted government and military organizations in Ukraine. The samples of the Pterodo backdoor obtained from the infected hosts were configured to target only Windows computers that use one of these languages – Uzbek, Tatar, Armenian, Belarusian, Ukrainian and Russian. This is a common strategy among cybercriminals since it allows them to make sure that their malware will only run on the hosts they target, and their malware will not operate on computers that do not fit a specific profile. This simple trick also minimizes the chances that the Pterodo malware will end up infecting a honeypot set up by malware researchers.

The Gamaredon Group has been using spear-phishing emails to distribute the Pterodo backdoor to their intended targets, and their emails may cover a wide range of subjects that are likely to attract the interest of the government and military personnel that the hackers are targeting. Ultimately, the goal of the Gamaredon hackers is to ensure that they will have long-term access to the infected hosts, thereby allowing them to perform reconnaissance and intel-gathering operations that are impossible to detect unless the targets use state-of-the-art antivirus software and security tools.