AcridRain is a data collecting Trojan. Threats like AcridRain are used to collect information from the victim's computer. Malware researchers first received reports of AcridRain in July 2018. According to these reports, AcridRain was being offered for sale on underground malware forums where three individuals were promoting AcridRain for use in malware attacks. AcridRain represents a real threat to the computer users' data, and a security program should be used to ensure that your computer is protected properly from data collect Trojans such as AcridRain.
The Objective of AcridRain is to Collect Information
AcridRain is written using C and C++ and has been available for sale since early July 2018. Criminals looking to purchase AcridRain to carry out attacks must pay 1500 RUB (22 USD approximately at the current exchange rate). AcridRain is offered on a subscription base, and the purchasers can customize AcridRain to their specifications by using a malware builder that is sent in an executable file named 'StealerAR.exe' to the people that purchase AcridRain. Criminals with a subscription to AcridRain will have access to this malware builder and a Web-based control panel that can be used to monitor the AcridRain attacks and collect data from infected PCs.
The Various Features of the AcridRain Trojan
The criminals responsible for the AcridRain attack have advertised several features associated with AcridRain. Some examples of the features of this Trojan include:
- AcridRain is capable of collecting login information from the victim's Web browser directly. In the AcridRain's marketing material, 36 Web browsers are listed (although most are variants of Google Chrome or Mozilla Firefox).
- AcridRain can copy Web browser cookies and history, allowing criminals to gain access to the victim's Web browsing habits and history.
- AcridRain is capable of detecting when the victim logs into a digital currency wallet, both online and offline. This allows the criminals responsible for AcridRain to collect money from a wide variety of cryptocurrency denominations, which include Bitcoin, Monero and Etherium.
- AcridRain can collect account information from commonly used FTP clients, which could be used to compromise entire servers or collect valuable information through this medium.
- AcridRain can collect files from the victim's computer and upload them to its Command and Control servers.
- AcridRain can copy instant messaging and gaming session information and send them to its Command and Control server, allowing it to spy on the victim's activities.
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
How AcridRain Infects a Computer
AcridRain stores all data it collects in a ZIP file that is marked with time and date. One particularly threatening aspect of AcridRain is that it is capable of collecting credit card information from the victim's computer, as well as online banking information, which allows AcridRain to be used to collect money from computer users and empty their bank accounts and credit cards. The collected credit card information is stored in a text file named 'result_CC.tx,' which AcridRain delivers to its Command and Control servers. One worrying aspect of AcridRain is that the criminals responsible for the AcridRain attack are still developing and updating this threat clearly and constantly in an arms race to stay one step ahead of malware researchers and security companies.
Dealing with the AcridRain Infection
If your computer has become infected with AcridRain, you should use a reliable security remover that is fully up-to-date. Threats like AcridRain can be intercepted by a revised security application before they are installed and detected whether they are collecting information and relaying it to Command and Control servers. If you have been a victim of a threat like AcridRain recently, it is crucial to safeguard all online accounts and credit cards.