
Win32.Bolik.2

Posted: April 11, 2019

Win32.Bolik.2 is a banking Trojan that uses various attacks for collecting confidential information, which pertains to online banking activities especially. Recent campaigns deploying this Trojan do so through hacking websites and swapping their freeware downloads with ones that include Win32.Bolik.2. Users can track their banking records for suspicious activity and use anti-malware utilities for deleting Win32.Bolik.2 from any potentially-infected system.

Crooks Editing the Downloads of Video Editors

The VSDC website is becoming a semi-regular target for hackers, who take advantage of the millions of visits the domain receives yearly from users seeking its free video-editing software. One of the latest attacks hijacked the download links, replacing them with a compromised installer that, besides giving the user the desired program, also deposits something 'extra' in the form of spyware such as Win32.Bolik.2 or the KPOT Stealer.

Of the two data-collecting threats, Win32.Bolik.2 is the more specialized one and focuses on exfiltrating information associated with online banking. Its user-targeting features include intercepting Web traffic, injecting maliciously crafted Web content such as requests for additional data, monitoring various banking services for theft purposes, and the ever-popular keylogging (recording keyboard input into a log that it uploads to the threat actor's server). While Win32.Bolik.2 may cause irregular behavior for users while they browse their banking sites, no such symptoms are necessarily built into its payload, and the attackers can opt to emphasize stealth and passive data collection.

Win32.Bolik.2 is specific to 32-bit Windows environments, and the attacks distributing it may use geolocation-based filtering that compromises targets in some countries while ignoring others. The user still receives their intended download of the VSDC software, and Win32.Bolik.2 can show few symptoms while it infects the system. Combined, these factors make it highly likely that victims will overlook Win32.Bolik.2 until unauthorized charges, loss of account credentials or other issues occur.

Taking the Trojans Out of Your Download History

Users can implement different protections against attacks like Win32.Bolik.2's, which depend on compromising the security of ordinarily safe sites. Security tools with malicious-domain and script-blocking features should identify some of Win32.Bolik.2's download exploits and C&C communications and block them appropriately. Scanning downloads, even those that appear legitimate, can alert users to modified installers that carry additional software beyond what is in the original package.

Besides its generally asymptomatic nature, Win32.Bolik.2 is a polymorphic threat that can compromise other files and takes a stealth-based approach to system persistence. Network analysis tools may detect communications with attacker-controlled domains or addresses, such as sync-time.info or the IP address 104.223.76.230. In all cases, inexperienced PC users should rely on dedicated anti-malware solutions for uninstalling Win32.Bolik.2, and change all compromised passwords as soon as possible afterward.
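As an added example (not part of this write-up or any vendor tool), the check below runs the two indicators quoted above against proxy-style log lines, matching the domain on exact name and subdomains and the IP on exact equality. The log format and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from typing import Iterable, List, Tuple

# Indicators quoted in the write-up. Domains match on the exact name and on
# any subdomain; IPs match on exact equality.
IOC_DOMAINS = {"sync-time.info"}
IOC_IPS = {ipaddress.ip_address("104.223.76.230")}

# Constructed log format (an assumption): "<ts> <src_ip> <dst_ip> <host> <uri>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<host>\S+)\s+(?P<uri>\S*)$"
)


def domain_matches(host: str) -> bool:
    """True when host equals an indicator domain or is a subdomain of one."""
    host = host.lower().rstrip(".")  # normalise case and a trailing root dot
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def ip_matches(field: str) -> bool:
    """True when the field parses as an IP address that is on the list."""
    try:
        return ipaddress.ip_address(field) in IOC_IPS
    except ValueError:
        return False  # hostnames or malformed fields are not IP addresses


def scan_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (line, reason) for every parsable line touching an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip unparsable lines instead of failing on them
        if domain_matches(m["host"]):
            hits.append((line, "domain:" + m["host"]))
        elif ip_matches(m["dst"]):
            hits.append((line, "ip:" + m["dst"]))
        elif ip_matches(m["host"]):
            hits.append((line, "ip:" + m["host"]))
    return hits


SAMPLE_LOG = [  # constructed sample lines, not a real capture
    "2019-04-11T10:00:01Z 10.0.0.5 93.184.216.34 example.com /index.html",
    "2019-04-11T10:00:07Z 10.0.0.5 104.223.76.230 104.223.76.230 /update",
    "2019-04-11T10:00:09Z 10.0.0.7 198.51.100.9 cdn.sync-time.info /update",
    "2019-04-11T10:00:12Z 10.0.0.7 198.51.100.9 notsync-time.info /",
    "garbage line that should be skipped",
]

if __name__ == "__main__":
    for line, why in scan_log(SAMPLE_LOG):
        print(why, "->", line)
```

The fourth sample line shows why the suffix check includes the leading dot: notsync-time.info is not a subdomain of sync-time.info and must not be flagged.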

The pattern of VSDC's site spreading Trojans may not be due to any fault on the part of the site's administrators. With criminals changing their strategies for cracking sites, users should harden their own defenses in turn, to make sure their bank accounts aren't equally crackable along the way.
