
Trojan Upclicker

By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 28
First Seen: December 14, 2012
Last Seen: June 16, 2022
OS(es) Affected: Windows

Trojan Upclicker is a malware infection that hooks the victim's mouse, which gives Trojan Upclicker a distinct advantage over other Trojan infections. Malware researchers first noticed Trojan Upclicker while analyzing the methods malware uses to evade analysis in a virtual sandbox. Trojan Upclicker evades analysis by hooking the mouse: it has a component that detects when the mouse communicates with the computer (logging movements and clicks). Automated malware analysis systems do not use the mouse (due to their automated nature), which makes it possible for Trojan Upclicker to bypass analysis. Without mouse movements or clicks, Trojan Upclicker remains dormant, preventing PC security researchers from analyzing it in a controlled environment.

Trojan Upclicker specifically detects when the left mouse button is pressed or released. When Trojan Upclicker detects a mouse click, it activates its malicious code. However, if the left mouse button is never released, Trojan Upclicker does not activate, which means it will not run in an automated analysis environment. Trojan Upclicker injects its code into running processes, abusing Windows Explorer. Using the browser on the infected computer, Trojan Upclicker will try to connect to malicious domains (one such domain has been detected as sendmsg.jumpingcrab.com). After establishing a connection with this website, Trojan Upclicker creates a backdoor on the infected computer using ports 443 and 80. This backdoor can then be used to send data to and receive data from Trojan Upclicker, as well as to carry out other malicious tasks on the victim's computer.

An essential part of studying malware like Trojan Upclicker, and of creating ways for anti-malware programs to detect and remove malicious applications, is the use of a sandbox environment or a virtual machine. These are often automated: PC security researchers use virtual computers that are purposefully infected with malware. This method makes it possible to analyze the behavior of malware in order to block its malicious websites and add detection and removal to security programs. However, Trojan Upclicker refuses to run in a virtual environment unless it detects mouse clicks. Since virtual machines are not meant for regular work, they often have no keyboard or mouse attached and exist simply to be infected with malware. By not running in a sandbox environment, Trojan Upclicker tries to prevent PC security researchers from studying it or developing ways to fight it.
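From the analyst's side, the evasion described above leaves a recognizable signature in a sandbox's API trace: a low-level mouse hook is installed and then nothing happens until a left-button release. The following added example (written for this entry, not code from the page's author or from the malware) is a triage heuristic over constructed traces that flags such a dormant run so it can be repeated with simulated clicks, and, on the rerun, correlates the click with the process injection and outbound connection that follow. The `Event` format, the trace vocabulary (`INPUT`, `connect`) and the `explorer.exe` target are assumptions; the domain and port come from the text above.

```python
"""Triage heuristic for Upclicker-style mouse-hook sandbox evasion (added example)."""
from dataclasses import dataclass, field

WH_MOUSE_LL = 14         # Win32 low-level mouse hook id
WM_LBUTTONUP = 0x0202    # Win32 message: left mouse button released
# Behaviours that count as the payload running (hypothetical trace vocabulary).
PAYLOAD_APIS = {"WriteProcessMemory", "CreateRemoteThread", "connect"}

@dataclass
class Event:
    t: float                      # seconds since the sample started
    api: str                      # API name, or "INPUT" for simulated user input
    args: dict = field(default_factory=dict)

def triage(events, run_seconds):
    """Classify one sandbox run as a (verdict, details) pair."""
    hook_at = click_at = None
    payload = []
    for ev in sorted(events, key=lambda e: e.t):
        if ev.api.startswith("SetWindowsHookEx") and ev.args.get("idHook") == WH_MOUSE_LL:
            hook_at = ev.t if hook_at is None else hook_at
        elif ev.api == "INPUT" and ev.args.get("msg") == WM_LBUTTONUP:
            click_at = ev.t if click_at is None else click_at
        elif ev.api in PAYLOAD_APIS:
            payload.append(ev)
    if hook_at is None:
        return "no-mouse-hook", {}
    if not payload:
        # Hook installed, then silence: rerun the sample with simulated clicks.
        return "dormant-mouse-hook", {"idle_seconds": run_seconds - hook_at}
    c2 = [(e.args["host"], e.args["port"]) for e in payload if e.api == "connect"]
    injected = sorted({e.args["target"] for e in payload if e.api != "connect"})
    details = {"injected_into": injected, "c2": c2}
    if click_at is not None and payload[0].t >= click_at:
        details["delay_after_click"] = payload[0].t - click_at
        return "activated-on-click", details
    return "hook-but-active-anyway", details

# Constructed traces (not real telemetry): the same sample run twice.
RUN_NO_INPUT = [Event(0.5, "SetWindowsHookExA", {"idHook": WH_MOUSE_LL})]
RUN_WITH_CLICKS = [
    Event(0.5, "SetWindowsHookExA", {"idHook": WH_MOUSE_LL}),
    Event(30.0, "INPUT", {"msg": WM_LBUTTONUP}),
    Event(30.2, "WriteProcessMemory", {"target": "explorer.exe"}),
    Event(30.3, "CreateRemoteThread", {"target": "explorer.exe"}),
    Event(31.0, "connect", {"host": "sendmsg.jumpingcrab.com", "port": 443}),
]
```

`triage(RUN_NO_INPUT, 120)` returns the dormant verdict, while `triage(RUN_WITH_CLICKS, 120)` reports activation after the click together with the injected process and the contacted host and port.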
