
WiryJMPer Dropper

Posted: September 16, 2019

The WiryJMPer Dropper is a Trojan dropper that may install a variety of payloads, although current campaigns drop the NetWire RAT. That Remote Access Trojan can collect information and give the attacker a convenient backdoor into your computer, while the WiryJMPer Dropper distracts the victim with a cryptocurrency wallet interface. Have anti-malware tools scan incoming downloads and remove the WiryJMPer Dropper as soon as they find it, before it installs any other threats.

Trojans Hiding behind Your Crypto-Coinage

A new approach to infiltrating computers is on display with the WiryJMPer Dropper, which uses both technical and psychological disguises for its infection routine. The WiryJMPer Dropper bundles a 'real' program, a cryptocurrency wallet application, together with a malicious one. Victims, however, see only the former, since the WiryJMPer Dropper injects the latter straight into the infected machine's memory rather than installing it as a visible program.

The WiryJMPer Dropper is a Windows Trojan disguised as an ISO-converted binary, with an unusually large file size for what it claims to be. Although it does not self-terminate in analysis or sandbox environments, its author relies on heavy code obfuscation to keep its detection rates low. While injecting its payload, such as the recently-observed NetWire RAT, into memory, it also drops an ABBC Coin Wallet program onto the hard drive. The wallet gets a link in the Windows Startup folder and launches automatically on every boot, making it a visual distraction from the Trojan activity taking place in the background.

For its part, the NetWire RAT (also identified as Wirenet) is a keylogger, password stealer and general-purpose Remote Administration Trojan. It has extensive data-collection features, and it may also assist attackers in staging further attacks. Malware experts also point out that the WiryJMPer Dropper maintains persistence on the system, rather than being a 'one-and-done' installer, and therefore represents a long-term security issue.

Spotting Wallets with Trojans in Their Folds

Torrents and other piracy-related resources are a likely infection source for the WiryJMPer Dropper, which uses an ISO-based file that users would associate with CD and DVD content, such as 'ripped' games, soundtracks or movies. As noted, the dropper's unusual file size makes its disguise somewhat suspicious. Other cues of its activity include the excessive length of the installation routine before the 'wallet' appears, as well as the wallet's recurring appearance on every startup.
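The cues above (an oversized binary, a Startup-folder link, a wallet that reappears on every boot) can be turned into a quick triage check. The script below is an added example for this page, not code from the original write-up or from any analysis of the dropper: it enumerates the per-user and all-users Startup folders, resolves each shortcut to its target, and flags targets that are oversized, unsigned, or named like a wallet. The 20 MB size threshold and the 'abbc|wallet' name pattern are assumptions chosen for illustration, and a hit is a lead for further inspection, not proof of infection.

```powershell
# Added triage example (not part of the original write-up): list Windows
# Startup-folder entries and flag the ones that match the cues described above.
# Assumptions: the size threshold and the wallet name pattern are illustrative.

param(
    # Assumed threshold: flag startup targets larger than this many MB.
    [int]$SizeThresholdMB = 20,
    # Assumed name pattern for the decoy wallet (case-insensitive regex).
    [string]$WalletPattern = 'abbc|wallet'
)

# WScript.Shell resolves .lnk files to the executable they point at.
$shell = New-Object -ComObject WScript.Shell

# Per-user and all-users Startup folders; the latter needs elevation to read fully.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($item in Get-ChildItem -Path $dir -File) {
        # Shortcuts are resolved to their target; any other file is its own target.
        $target = if ($item.Extension -ieq '.lnk') {
            $shell.CreateShortcut($item.FullName).TargetPath
        } else {
            $item.FullName
        }

        # A dangling shortcut is itself worth a look (target deleted or cleaned up).
        if ([string]::IsNullOrWhiteSpace($target) -or -not (Test-Path $target)) {
            [pscustomobject]@{
                Entry     = $item.FullName
                Target    = $target
                SizeMB    = $null
                Signature = 'n/a'
                Flags     = 'dangling-target'
            }
            continue
        }

        $targetFile = Get-Item -Path $target
        $sig        = Get-AuthenticodeSignature -FilePath $target
        $flags      = @()

        # Cue 1: unusually large binary for what it claims to be.
        if ($targetFile.Length -gt ($SizeThresholdMB * 1MB)) { $flags += 'oversized' }
        # Cue 2: no valid Authenticode signature on something that autostarts.
        if ($sig.Status -ne 'Valid') { $flags += "sig:$($sig.Status)" }
        # Cue 3: autostart entry named like a cryptocurrency wallet.
        if ($targetFile.Name -match $WalletPattern) { $flags += 'wallet-named' }

        [pscustomobject]@{
            Entry     = $item.FullName
            Target    = $target
            SizeMB    = [math]::Round($targetFile.Length / 1MB, 1)
            Signature = $sig.Status
            Flags     = ($flags -join ',')
        }
    }
}

# Largest targets first; an empty Flags column means nothing stood out.
$findings | Sort-Object SizeMB -Descending | Format-Table -AutoSize
```

Save it as a .ps1 file and run it from an elevated PowerShell prompt so the all-users Startup folder is readable. Anything flagged 'oversized' and 'wallet-named' with a non-Valid signature fits the profile described in this article and should be submitted to your AV vendor or a sandbox rather than simply deleted, so that the injected payload can be identified as well.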

Malware experts recommend keeping security software up to date whenever possible. The WiryJMPer Dropper campaign puts extra emphasis on this preventative step, since out-of-date AV products are less likely to identify the Trojan. And, as always, the presence of any Remote Access Trojan can lead to further, unexpected attacks, including the installation of other threats, the theft of passwords or the disabling of security solutions.

Ideally, users can block this threat by having active anti-malware services identify and delete the WiryJMPer Dropper during the download attempt. Users can obtain safe wallet applications for the ABBC cryptocurrency from reputable sources, such as Google's Play Store.

The WiryJMPer Dropper isn't the first threat that delivers the NetWire RAT, but its combination of technical and psychological trickery could prove lucrative. Countering such strategies requires users to avoid unsafe downloads and to keep a sharp eye out for programs behaving in unexpected and hard-to-explain ways.
