Kankan

By LoneStar in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 209
First Seen: October 21, 2013
Last Seen: January 1, 2023
OS(es) Affected: Windows

Kankan made recent headlines because of the way it was distributed. Xunlei, a BitTorrent client distributed in China and backed by Google, was found to distribute Kankan and cause various Kankan infections on PC and Android devices. PC security researchers suspect that Kankan has infected thousands of computers in this way. One threatening aspect of Kankan is that it is signed with Xunlei's security certificate, which lends it the appearance of legitimate software and makes it riskier than the average malware infection. It seems that the Kankan Trojan, which only affected computer users in China, was created by employees of the Xunlei company using company resources. As of the writing of this report, it is difficult to tell how implicated Xunlei Networking Technologies is in this malware scam.

It is also important to note that Xunlei's software is extremely popular and that today it accounts for about a third of the world's BitTorrent users. This makes it the most used BitTorrent client in the world. It seems that Kankan was distributed using a dropper named 'INPEnhSetup.exe', disguised as an installer for a legitimate program. This dropper contacted a domain owned and operated by Xunlei to download and install three harmful applications on the victim's computer. One of these unsafe components is a Microsoft Office plug-in, which made harmful changes to the Windows Registry to ensure that it runs automatically whenever the affected computer starts up. This plug-in was also used to ensure that no software used by PC security researchers was present, which prevented malware analysts from detecting and studying this infection.

Another of the unsafe components was used to install apps on Android phones without alerting the computer user. These apps were installed whenever the victim's phone was connected to the infected computer. Some of the apps installed include Chinese app stores and a phone call app that has been associated with a known scam. This attack was especially effective against computer users in China because of the common practice in that country of rooting cell phones and other mobile devices. The practice stems from the country's restrictive censorship laws, which prevent computer users from downloading and installing apps popular in the West without first rooting their phones. Rooting disables some of the security components that could protect them from Kankan. Since reports of Kankan attacks started to spread, Xunlei has released an uninstaller application and seems to be cooperating in the detection and removal of this threat.
