
Starslord

Posted: May 8, 2020

Starslord is a Trojan downloader that delivers various threats on a hired basis, such as banking Trojans, to infected computers. As a significant update to SLoad, it has all of that threat's core features, along with changes that improve its anti-detection and organizational characteristics. Users should let anti-malware products delete Starslord immediately and be mindful of traditional infection techniques like corrupted e-mail attachments and brute-forcing passwords.

A Star from the Ashes of Old Trojans

The job of a go-between in most industries is an inglorious one, but still, sometimes, quite profitable. In the threat landscape, Trojan downloaders and other loading-based threats are the 'deliverymen' and can download and install, or drop from an internal package, any number of other programs. Starslord is showing the hazardously protective evolution of that sub-sector, with substantial enhancements to the already-robust framework of SLoad.

SLoad is a Trojan downloader that delivers payloads 'for hire' according to the needs of third-party threat actors. In the past, its attacks predominantly propagated banking Trojans like Ramnit. It can harvest system information, mostly related to files, processes, and programs, and deliver it to the criminals, who then choose an appropriate payload. Starslord possesses all of these traits, although it no longer uses VisualBasic during the installation routine (it uses Windows Script Files instead).

Malware researchers find, however, that Starslord has two substantial advantages over the old version of the Trojan downloader. These are related to hiding itself from the security industry and providing organizational touches for the benefit of the threat actor:

  • An anti-analysis function helps Starslord generate 'profiles' of computers operated by cyber-security entities and cuts off the multi-stage attack before it reaches the last payload (like Ramnit).
  • Another feature, described by researchers as 'revolutionary,' gives the admin controlling Starslord even more information about infection scenarios. It groups different systems with the same stages of infection, meaning that tracking victims and customizing attacks is easier than ever before.

Hindering Threats from Lording over Your Network

Generally speaking, victims suffering through Starslord infections are no more or less in danger than they were from the now-outdated SLoad. The distribution of banking Trojans that compromise accounts and facilitate fraudulent transactions remains the top risk from Starslord's campaign. Additionally, enterprise-level entities are possible targets of this threat, with all the usual implications for internal network security (or the lack of it).

Users should choose their passwords with an eye to guidelines for limiting any chances of criminals cracking them by brute-force tools. Malware experts also recommend against enabling 'advanced' or macro-based content in documents, spreadsheets, and similar attachments without confirming their safety first. Software patches are equally requisite for limiting the range of vulnerabilities that criminals can use for dropping Starslord.

Credible and updated anti-malware products should, despite the Trojan's improvements, remain capable of deleting Starslord at multiple stages in its deployment. Starslord is Windows-specific, although the same may not carry over to any of its payloads.

While Starslord's name is one that conveys a sense of arrogant nobility, its actions are mostly the opposite. With threat actors spending much of their time on defensive measures, victims can hope that Starslord's attacks will not be quite as fruitful in the future.
