Fruity trojan downloader performs multi-stage infection of Windows computers
news.drweb.com
Doctor Web has uncovered an attack on Windows users involving a modular downloader trojan dubbed Trojan.Fruity.1. With its help, threat actors can infect computers with different types of malware, depending on the attackers’ goals. To conceal an attack and increase the chances of it being successful, they use a variety of tricks. These include a multi-stage infection process for target systems, using harmless apps for launching components of the trojan, and trying to bypass anti-virus protection.

Summary

What is Trojan.Fruity.1?

  • A modular downloader trojan that can be used to distribute other malware.
  • Distributed through malicious websites and software installers that appear to be legitimate.
  • Once installed, Trojan.Fruity.1 begins a multi-stage infection process that can ultimately lead to the installation of the Remcos RAT spyware.

How does it work?

  • The trojan is implanted into legitimate programs, such as Python libraries, VLC mediaplayer, and VMWare virtualization software.
  • The trojan uses a variety of techniques to evade detection, including encryption, steganography, and process hollowing.
  • The trojan can be used to infect computers with other malware, such as ransomware, cryptominers, and backdoors.

How to prevent infection?

  • Only download software from trusted sources.
  • @ZeronEnglish
    161 year ago

    Yep. There’s a reason whenever i install an adblocker for a friend or family member they suddenly and mysteriously no longer “get viruses” anymore.

    Ad blocking is a security measure, because these ad networks have zero accountability for what you are shown. I will never in a million years allow ads onto my network intentionally. If i deem a service good enough that i think they deserve my money, i grab some merch or throw them a donation. It gives them more than tens of thousands of my ad impressions ever would.