
StoneDrill

Posted: July 30, 2019

StoneDrill is a file-wiper Trojan that also provides a backdoor into the system. It can erase files on your computer permanently and give threat actors the means to collect confidential information and conduct other attacks. Because the Trojan conceals itself with techniques such as memory injection, users should depend on updated anti-malware tools for identifying or deleting StoneDrill.

The Silent, In-Memory-Only Drill

File-wiping Trojans can be created by accident – such as a buggy implementation of a file-locking Trojan – or on purpose. In the latter case, the threat could be an ill-minded 'joke' with no purpose other than destruction, or an espionage tool. StoneDrill is the second of these options: it includes some of the most data-destructive attacks possible, but with a low-key presence.

StoneDrill is one of several threats tied to APT33, a group of hackers that targets entities throughout the Middle East and Europe in apparent support of the Iranian government's interests. Although StoneDrill is not the most readily-deployed Trojan in their kit, malware experts can corroborate incidents using it against live targets in Saudi Arabia and other countries. Some of its features are coded similarly to their counterparts in Shamoon, although not to the point of implying that StoneDrill is a straight update or upgrade of that Trojan.

StoneDrill, like most state-sponsored Trojans, includes various ways of concealing itself, the most notable being that it avoids dropping its wiper module as a file on disk. Instead, it injects the wiping component into the system's browser process, such as Chrome. If its access privileges allow, it can wipe entire disks; otherwise, the Trojan deletes all user-accessible files.
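As an added example (not code from the article or from any vendor tooling), here is how a defender might flag the injection pattern just described: a non-browser process creating a remote thread inside a browser such as Chrome. It assumes Sysmon-style CreateRemoteThread (Event ID 8) fields, and the log records below are constructed for illustration.

```python
# Added example: flag remote-thread creation into a browser process by a
# non-browser source, the in-memory wiper injection described above.
# Assumes Sysmon-style Event ID 8 fields (SourceImage, TargetImage,
# StartModule); records are constructed, not captured telemetry.
import re
from typing import Dict, List, Optional, Tuple

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
# key=value pairs; values may contain spaces, so stop at the next " Key=".
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Constructed Sysmon-like records flattened to one "key=value" line each.
SAMPLE_LOG = r"""
EventID=8 SourceImage=C:\Users\bob\AppData\Local\Temp\svc.exe TargetImage=C:\Program Files\Google\Chrome\Application\chrome.exe StartModule=-
EventID=8 SourceImage=C:\Program Files\Google\Chrome\Application\chrome.exe TargetImage=C:\Program Files\Google\Chrome\Application\chrome.exe StartModule=C:\Program Files\Google\Chrome\Application\chrome.dll
EventID=1 Image=C:\Windows\System32\notepad.exe
EventID=8 SourceImage=C:\Windows\System32\csrss.exe TargetImage=C:\Program Files\Mozilla Firefox\firefox.exe StartModule=C:\Windows\System32\ntdll.dll
"""

def parse(line: str) -> Dict[str, str]:
    return dict(FIELD_RE.findall(line))

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def classify(ev: Dict[str, str]) -> Optional[str]:
    """Severity for a CreateRemoteThread into a browser, or None if benign."""
    if ev.get("EventID") != "8":
        return None
    src = basename(ev.get("SourceImage", ""))
    dst = basename(ev.get("TargetImage", ""))
    if dst not in BROWSERS or src in BROWSERS:
        return None  # not a browser target, or a browser threading into its own child
    mod = ev.get("StartModule", "-")
    # A thread start address with no backing module ("-"), or one backed by a
    # module under a user-writable path, is injected code rather than a helper DLL.
    if mod == "-" or mod.lower().startswith("c:\\users\\"):
        return "high"
    return "low"  # system component as source: review, do not page

def scan(log: str) -> List[Tuple[str, str, str]]:
    hits = []
    for line in log.splitlines():
        ev = parse(line)
        sev = classify(ev)
        if sev:
            hits.append((sev, basename(ev["SourceImage"]), basename(ev["TargetImage"])))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```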

When a Wiper is More than a Wiper

StoneDrill will not execute in a sandbox, which is one of its anti-analysis features, although most users will not habitually be operating from within one, which makes this 'defense' arguably irrelevant to any of its practical targets. Another feature that malware researchers emphasize is StoneDrill's C&C connection, which is detailed enough that it functions as a full-blown backdoor. Through it, attackers may harvest environmental information, credentials, or files, or issue command-line instructions that change the system in ways that negatively impact its security.

APT33 may use social engineering tactics on social platforms, e-mail phishing lures, or hacking of network credentials to compromise PCs and introduce StoneDrill. Since the chances of visually identifying the Trojan are all but nil, users should protect their networks with anti-malware utilities that flag it automatically. They also should avoid enabling macros on suspicious attachments or using document-reading software without full patching, which reduces exposure to vulnerabilities like Exploit.CVE-2014-1761.Gen.

Those who believe that an infection is present should disconnect from both the Web and any local networks. Anti-malware scans by competent security software should delete StoneDrill if it's present, but any data that APT33 collects beforehand, such as passwords, remains a point of future endangerment.

The idea of losing entire hard drives' worth of work is frightening enough, but StoneDrill offers worse than that for any victims. A Trojan that can take what it wants before destroying what you have is the ultimate robber-vandal.
