SLoad
SLoad is both spyware and a Trojan downloader that often is in use in campaigns associated with e-mail phishing lure and the Ramnit banking Trojan. Although its configuration suggests a high level of interest in banking activities, SLoad's features are broad enough to cause other security issues. Windows users can protect their PCs by keeping anti-malware products available for removing SLoad automatically or blocking an installation exploit.
A Load of Financial Trouble for Your Computer
Trojan downloaders have their name thanks to their narrow focus on downloading other threats, usually, which are changeable according to whatever their instructions are from their Command & Control servers. SLoad, who includes both those ‘vanilla’ functions and other ones that are far out of its category, is bucking this specialty. Resultingly, it's a tool that lets threat actors identify their victims more cleanly and target data and accounts for theft with even greater efficiency than before.
SLoad has associations with a threat actor that uses variants of Ramnit banking Trojans especially, which SLoad downloads and installs. These campaigns begin their attacks with e-mail messages with contents that reference the victim by name and use the regionally-appropriate language. Opening the corrupted attachment activates a series of PowerShell scripts that end with SLoad.
SLoad can, of course, download and install other threats besides Ramnit, up to and including nearly any file that the threat actor specifies via an URL. Malware experts also confirm a self-updating feature, screenshot-taking capabilities, and a data-hunting search that targets online banking activity and Citrix files (possibly, for identifying cloud-based business operations). It conducts most of its behavior in a semi-constant loop that it intersperses with a brief hibernating feature and a regular 'checkup' for any command updates from the C&C.
Shrugging the Trojan Loader Off Your Shoulders
The top infection strategies for SLoad all tend towards geography-specialization, including technical support (such as geo-fencing checks at multiple stages), in addition to the social engineering-based content. Users can assume that attacks will pretend that they're highly-relevant to them as individuals, including company and personal references where appropriate. Many, but not all e-mail attachments carrying a Trojan dropper for SLoad use ZIP-compressed formats that pretend that they're documents.
Even though it conducts a much more generous set of attacks than most Trojan downloaders (see, for an example of the contrast, the Swort Trojan), none of SLoad's attacks offer symptoms for the user's observation. Systems protected by anti-malware services should identify the relevant PowerShell exploits or SLoad without letting the payloads finish triggering. If you require anti-malware services for removing a SLoad infection, change passwords and other credentials afterward and re-verify the integrity of your bank account.
SLoad can do more than 'only' deliver other Trojans to your PC. Whether this multiple-purpose toolkit approach to downloader-themed threats stays around or becomes a fad, only future Trojan attacks can tell.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.