
XDDown

Posted: October 7, 2020

XDDown is a piece of malware whose development and usage is attributed to a recently identified cybercrime organization known as XDSpy. XDDown is the group's signature piece of malware, and over the past few years it has been used to compromise networks and servers all around Eastern Europe. Remnants of the XDDown malware's activity were discovered on the networks of political entities and Non-Governmental Organizations (NGOs) in multiple countries in the region – Russia, Moldova, Serbia and others.

XDDown features a modular structure that can be used to extend the primary implant's capabilities significantly. The criminals can use this to execute very fine-tuned attacks, which allow them to use the exact tools they need to accomplish their goals. The primary objective of XDSpy attacks usually is data theft and espionage.

XDSpy's Signature Malware Plagues Targets in Eastern Europe

The XDDown malware was usually delivered to its intended targets via carefully engineered spear-phishing email campaigns that used legitimate names, as well as current topics that are unlikely to seem out of place to the recipient. Usually, the emails carry a corrupted attachment, and its file type varies: XDDown has been spotted in RTF, LNK, ZIP, RAR and Microsoft Office files.

XDDown's components add different features to the primary payload:

  • XDRecon – Gathers information about the infected machine's software, hardware and configuration.
  • XDList – Lists hard drive partitions and scans their contents for file formats that the criminals might be interested in. XDList also can capture screenshots.
  • XDMonitor – Just like XDList, it checks for potentially valuable files but focuses on removable storage devices.
  • XDUpload – Collects specific files from the infected system and uploads them to the attacker's server.
  • XDLoc – Collects WiFi Service Set Identifier (SSID) information that may be used to geo-locate the victim.
  • XDPass – Tries to grab saved passwords from various Web browsers and mail clients.

XDDown's modular structure makes it extremely threatening, since the criminals may continue to extend its capabilities even further. Thankfully, the attacks of this high-profile malware are preventable with the use of specialized security software and firewall services.
