
Upatre Malware Gets Update to Evade Detection Through SSL Encryption to C&C Servers

Posted: April 20, 2015

Hackers relentlessly keep their malware creations updated with new capabilities, enabling them to carry out aggressive attacks while evading detection. Among the latest threats to receive such an update is the Upatre Trojan horse, whose newest variant is reported to integrate full SSL encryption of its network traffic.

Upatre has long been known as a Trojan downloader and is often discussed alongside threats like the Zeus Trojan, which was notorious for efficiently stealing banking login credentials for use in attacking online banking accounts. Upatre has also been distributed by other threats and through various channels, such as spam emails and malicious download links on the internet.

The latest Upatre variant encrypts its communication with its designated command and control (C&C) server. Like other aggressive Trojan downloaders and botnet threats, Upatre connects to a specified C&C server to obtain instructions for how it should carry out its attacks.

Older versions of Upatre relied on regular HTTP traffic over non-standard ports. That traffic could be inspected and blocked, cutting off the data transfer and effectively rendering Upatre useless on infected machines. In other words, once the command and control server became unreachable, those Upatre-infected systems were no longer in imminent danger of being used to perform malicious activities over the internet. In a sense, Upatre would become dormant and lose its ability to receive new instruction sets.

Upatre is now capable of flying under the radar through the use of a new user agent. The latest Upatre variant avoids detection by making its traffic look like legitimate transfers, so the information sent and received is never associated with anything malicious. Full SSL encryption foils anyone attempting to detect malicious activity or data transfers over the internet by inspecting content. SSL (Secure Sockets Layer), as you may already know, is a standard technology for encrypting data transferred between a server and a client, which limits the exposure of sensitive information in transit.
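To make the detection gap concrete, the following is an added example written for this page (not code from the article or from any vendor) that runs two kinds of rules over constructed, Zeek-like connection-log lines. The first rule is the content-visible check the article describes for the older variant (plaintext HTTP on a non-standard port); it cannot fire on a TLS session because the request is opaque. The second rule falls back on metadata that survives encryption. The sample records, the ports and the metadata heuristics (missing SNI, bare-IP SNI, TLS off port 443) are generic C2 heuristics assumed for the example and are not Upatre indicators.

```python
"""Detection logic over constructed connection-log lines (example only)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample records in a simplified, Zeek-like tab-separated layout:
#   ts  src_ip  dst_ip  dst_port  app  detail
# For app=http, detail is the User-Agent header; for app=tls, detail is the
# SNI hostname ("-" when the client sent none). These lines are invented for
# this example and are not Upatre indicators.
SAMPLE_LOG = """\
1429500001\t10.0.0.5\t203.0.113.10\t80\thttp\tMozilla/5.0 (Windows NT 6.1) Firefox/37.0
1429500002\t10.0.0.5\t203.0.113.20\t12345\thttp\tMozilla/4.0
1429500003\t10.0.0.5\t203.0.113.30\t443\ttls\tupdates.example.com
1429500004\t10.0.0.5\t203.0.113.40\t443\ttls\t-
1429500005\t10.0.0.5\t203.0.113.50\t8443\ttls\t-
"""

STANDARD_HTTP_PORTS = {80, 8080}   # assumed policy for this example
STANDARD_TLS_PORTS = {443}         # assumed policy for this example


@dataclass
class Conn:
    ts: int
    src: str
    dst: str
    dport: int
    app: str      # "http" (seen in the clear) or "tls" (payload opaque)
    detail: str   # User-Agent for http, SNI for tls


def parse_log(text: str) -> list[Conn]:
    """Parse the tab-separated sample layout into Conn records."""
    conns = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, app, detail = line.split("\t", 5)
        conns.append(Conn(int(ts), src, dst, int(dport), app, detail))
    return conns


def legacy_http_rule(c: Conn) -> Optional[str]:
    """Content-visible rule of the kind that caught the older variant:
    plaintext HTTP on a non-standard port. Returns None for TLS records
    because there is no cleartext request to match on."""
    if c.app != "http":
        return None
    if c.dport not in STANDARD_HTTP_PORTS:
        return f"plain HTTP on non-standard port {c.dport}"
    return None


def tls_metadata_rule(c: Conn) -> Optional[str]:
    """Metadata-only heuristics that still work once the payload is
    encrypted (assumed generic C2 heuristics, not Upatre-specific):
    no SNI, an SNI that is a bare IP address, or TLS off port 443."""
    if c.app != "tls":
        return None
    reasons = []
    if c.detail == "-":
        reasons.append("no SNI")
    else:
        try:
            ipaddress.ip_address(c.detail)
            reasons.append("SNI is a bare IP")
        except ValueError:
            pass  # a hostname, as a normal browser would send
    if c.dport not in STANDARD_TLS_PORTS:
        reasons.append(f"TLS on non-standard port {c.dport}")
    return "; ".join(reasons) if reasons else None


def run_detection(text: str) -> dict[str, list[str]]:
    """Return {dst_ip: [reasons]} for every connection a rule flagged."""
    hits: dict[str, list[str]] = {}
    for c in parse_log(text):
        for rule in (legacy_http_rule, tls_metadata_rule):
            reason = rule(c)
            if reason:
                hits.setdefault(c.dst, []).append(reason)
    return hits


if __name__ == "__main__":
    for dst, reasons in run_detection(SAMPLE_LOG).items():
        print(dst, "->", "; ".join(reasons))
```

Running it flags the plaintext session on port 12345 via the legacy rule and the two SNI-less TLS sessions via the metadata rule only; the legacy rule returns nothing for every TLS record, which is exactly the blind spot the switch to SSL creates. In practice a detection team would feed the metadata rule real proxy or NetFlow records and tune the port and SNI heuristics to the environment's baseline rather than use the constants assumed here.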

Data encryption has long been a method of keeping transmitted data secure from hackers and from anyone else looking to extract information over the internet that does not belong to them. SSL encryption is commonly used when you make a purchase over the internet, where your credit card information is transmitted in encrypted form to protect your data. Hackers have long worked at decrypting such data through clever methods. In the case of threats like Upatre, however, the roles are reversed: the hackers enable encryption on the malware's side to evade detection by security applications and analysts.

One recent version of Upatre caught by researchers was delivered by masquerading as PDF files. Since that detection, Upatre has been updated with a different delivery method, in which it downloads the payload in the background and the downloaded data is encrypted. Now that they know what to look for in the encrypted data transmitted by Upatre, security researchers are able to pinpoint its malicious actions and block it.

Researchers suspect we have not seen the last of Upatre's updates, as a newer evasion method will likely be put in place so that it evolves into an advanced threat that can evade detection once again. Until then, Upatre has been stopped in its tracks.
