Attor

Attor is a threat that has been tailored to target mobile devices and has operated for a couple of years without being spotted by malware researchers. It can be classified as a spyware tool, and its operators have likely accumulated a large amount of collected data over the years. The Attor spyware was spotted recently because its operators began targeting high-ranking individuals who are linked to the Russian government. The activity of the Attor spyware appears to be concentrated mainly in Eastern Europe, with the majority of targets located in the Russian Federation.

May Utilize AT Commands

The Attor spyware is a rather interesting threat. It has been determined that this hacking tool is built modularly, which makes the Attor malware very flexible. Furthermore, the design of this tool allows it to leave very few traces of its unsafe activity, and it is also considered to be very lightweight. One of its components serves to recognize GSM fingerprints. This component utilizes AT commands (also known as the Hayes command set), a rather old technology that dates back to the 1980s. Although the Hayes command set is over three decades old, it is still used to this day. The authors of the Attor spyware are likely using AT commands to trick security checks and remain undetected. This hacking tool allows its operators to gather various information about the infected host and its systems, which is likely to be used to make the attack more efficient.

Attor Spyware Capabilities

The capabilities of the Attor spyware are rather impressive. The Attor threat can:

  • Record audio via the microphone on the device.
  • Identify running applications and processes.
  • Take screenshots of the user’s screen.
  • Gather data about both the hardware and the software of the infected device.

The creators of the Attor malware appear to concentrate on gathering data from the victim’s browser. There are also several applications that seem to be of special interest to the threat’s authors: VPN applications, email applications and TrueCrypt.

Hosts Components on Separate Tor Hidden Services

To avoid the prying eyes of malware researchers, the authors of the Attor spyware have made sure to host the components of their creation on separate Tor hidden services. This method makes it rather difficult for cybersecurity experts to study the Attor malware, as they would need to locate all the separate components to monitor the threatening campaign.

It is believed that the first operation involving the Attor spyware may have been carried out in 2013. A major campaign in which this threat was used also took place in 2018. The Attor spyware is a high-end threat that is certainly capable of causing a lot of trouble if it worms its way into one’s mobile device. So far, the infection count of the Attor spyware remains low, as it is likely that the attackers are cherry-picking their targets. Make sure you have an anti-malware tool on your device and do not forget to update it regularly.
