
SHUTTERSPEED

Posted: October 16, 2019

SHUTTERSPEED is a backdoor Trojan with limited spyware features for collecting information. Its attacks are part of the espionage campaigns that APT37 runs against South Korean targets. Users can protect themselves by following best practices for handling e-mail, and by using anti-malware programs as needed to remove SHUTTERSPEED.

Losing Data at the Speed of Trojans

As a pragmatic threat actor that uses down-to-earth, 'whatever works' strategies for deploying unflashy Trojans, APT37 is a studied contrast to the more colorful, profit-motivated, lone-wolf hackers found elsewhere. The group, attributed to North Korea, runs campaigns against South Koreans and residents of other nations, focusing primarily on the theft of information. SHUTTERSPEED is one of the tools it uses to that end.

SHUTTERSPEED, like KARAE, is sometimes deployed as a 'first-stage' payload during the initial infection. Through it, APT37 (also known by more memorable names such as Red Eyes and Reaper) determines whether the target is worth further action and, if so, can cement its control over the computer. Unlike KARAE, however, SHUTTERSPEED is confirmed by malware experts to dabble in the spyware side of attacks.

SHUTTERSPEED offers backdoor features such as collecting system information for the attacker and downloading and executing other files (such as the installers for other threats). APT37 also baked in one extra feature: screen-grabbing. This capability, more often part of a full-featured RAT or spyware kit, lets SHUTTERSPEED take screenshots of the user's desktop.

APT37's usual strategies do not hinge on SHUTTERSPEED alone. Most infections escalate to introducing other Trojans and spyware through the download capabilities of SHUTTERSPEED, KARAE and similar first-stage tools.

Closing the Shutters on Eye

Examining SHUTTERSPEED's past attacks offers clues to preventing future ones from achieving their goals. SHUTTERSPEED's deployment is notable for using highly traditional e-mail phishing with attached documents that exploit software vulnerabilities. The last known one, CVE-2017-0199 (a remote code execution flaw in Microsoft Office's handling of linked OLE objects, typically triggered by a crafted RTF that fetches and runs an HTA file from a remote URL), has a patch available, although APT37 could turn to different vulnerabilities in upcoming campaigns. Note that CVE-2017-0199 does not rely on macros, so disabling macros alone does not block it; prompt patching and disabling macros are both highly relevant to the self-defense of all potential victims.
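In its RTF form, the CVE-2017-0199 lure described above is recognisable by a linked OLE object (the OLE2Link class) whose URL moniker points at a remote file, combined with the \objupdate control word that makes Word refresh the link as soon as the document opens. The following heuristic scanner is an added example written for this page; it is not code from the page, from APT37 samples or from any vendor tool. It extracts every \objdata blob from an RTF, decodes the hex, and reports the indicators. The sample documents are constructed inline and only mimic the recognisable parts of the object; the example.invalid URL is a placeholder and the samples are not working exploits.

```python
"""Heuristic scanner for RTF documents carrying a CVE-2017-0199-style OLE2Link object.

Indicators looked for (all described in public analyses of the vulnerability):
  * \\objautlink  - a linked rather than embedded OLE object
  * \\objupdate   - forces Word to refresh the link when the document opens
  * "OLE2Link"    - class name of the linked object inside the \\objdata blob
  * a UTF-16LE URL moniker, typically ending in .hta, inside that blob
"""
import re

OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")
WIDE_STR_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")   # runs of UTF-16LE printable text
URL_RE = re.compile(r"https?://\S+")


def extract_objdata(rtf: bytes) -> list[bytes]:
    """Return the decoded binary payload of every \\objdata destination in the RTF."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        if len(hexstr) % 2:          # tolerate a truncated trailing nibble
            hexstr = hexstr[:-1]
        try:
            blobs.append(bytes.fromhex(hexstr.decode("ascii")))
        except ValueError:
            continue
    return blobs


def wide_urls(blob: bytes) -> list[str]:
    """Pull URL monikers stored as UTF-16LE out of a decoded OLE object."""
    urls = []
    for m in WIDE_STR_RE.finditer(blob):
        text = m.group(0).decode("utf-16le")
        urls.extend(URL_RE.findall(text))
    return urls


def scan_rtf(rtf: bytes) -> dict:
    """Classify an RTF file as 'clean' or 'suspicious' and return the evidence."""
    blobs = extract_objdata(rtf)
    urls = [u for blob in blobs for u in wide_urls(blob)]
    ind = {
        "objautlink": re.search(rb"\\objautlink\b", rtf) is not None,
        "objupdate": re.search(rb"\\objupdate\b", rtf) is not None,
        "ole2link": any(b"OLE2Link" in blob for blob in blobs),
        "hta_url": any(u.lower().endswith(".hta") for u in urls),
    }
    # A linked object whose moniker points at a remote resource is the core of the
    # technique; \objupdate removes the need for any user interaction.
    suspicious = bool(urls) and (ind["ole2link"] or (ind["objautlink"] and ind["objupdate"]))
    return {"verdict": "suspicious" if suspicious else "clean", "indicators": ind, "urls": urls}


# --- constructed samples for this example (not real malware) ------------------
def _fake_ole2link(url: str) -> bytes:
    """Mimic only the recognisable parts of an OLE2Link header; not a working object."""
    name = b"OLE2Link\x00"
    header = b"\x01\x05\x00\x00" + b"\x02\x00\x00\x00" + len(name).to_bytes(4, "little") + name
    return header + b"\x00" * 8 + url.encode("utf-16le") + b"\x00\x00"


SAMPLE_LINKED = (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate{\\*\\objdata "
                 + _fake_ole2link("http://example.invalid/update.hta").hex().encode()
                 + b"}}\\par Quarterly report attached.}")
SAMPLE_EMBEDDED = (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata "
                   + b"Package\x00".hex().encode() + b"}}\\par Embedded file.}")
SAMPLE_PLAIN = b"{\\rtf1\\ansi\\par Hello world.}"

if __name__ == "__main__":
    for label, doc in [("linked", SAMPLE_LINKED), ("embedded", SAMPLE_EMBEDDED), ("plain", SAMPLE_PLAIN)]:
        print(label, scan_rtf(doc))
```

This is a triage heuristic, not an RTF parser: real lures routinely hide the control words and hex behind RTF obfuscation (split destinations, \bin data, junk control words), so a clean verdict here does not clear a file, and a suspicious one should be confirmed by detonating the document in a sandbox or with a proper OLE parser.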

Besides the above precautions, malware experts also recommend caution with torrents and other download sources. SHUTTERSPEED's threat actor often uses psychologically manipulative social-engineering techniques to compromise systems and tailors website breaches and Web content to its targets of the moment. Its C&C infrastructure may use either publicly available cloud storage or a series of hacked sites, such as vulnerable Korean business websites. Once SHUTTERSPEED is on a computer, it can download and install virtually anything else. First-stage Trojans are, as the name implies, just the start of something worse for those who aren't minding their security.
