By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 71
First Seen: August 19, 2016
Last Seen: May 2, 2022
OS(es) Affected: Windows

Aveo is a Trojan infection that is being used to target Japanese computer users. Aveo uses Command and Control servers located in the United States. Aveo seems to be related to FormerFirstRAT, a previously known threat. An Aveo distribution campaign currently being carried out in Japan has surfaced. Computer users are targeted with corrupted files that are used to install Aveo on their computers. The main distribution method associated with the latest Aveo distribution campaign is the use of spam email messages and fake documents, all using text in Japanese. PC security researchers have found links between Aveo and a family of threats known as FormerFirstRAT, which is also known by the name DragonOK. These were active in April of 2015 and were also used to carry out attacks against the Japanese public.

Although not Possessing a High Degree of Complexity Aveo may be Very Harmful

Aveo's attack is simple, but may be quite harmful. Aveo is not particularly sophisticated. Aveo uses a self-extracting WinRAR file. This file will drop a decoy document, containing content in Japanese, the Aveo's executable, and a script designed to clean up after the attack and remove copies of Aveo (this may be done to prevent PC security analysts from obtaining Aveo easily and studying the attack). Aveo is being distributed through self-extracting binaries that use icons that make the file appear as a Microsoft Office Excel file. When the file is launched, Aveo is installed, but an Excel file is also loaded.

The main purpose of Aveo is to create a backdoor into the victim's computer. Aveo is also considered a RAT (Remote Access Trojan). These infections are used to gain access to the victims' computers, controlling them from a remote location. Aveo contacts its Command and Control server, located in the United States, and communicates through an unencrypted channel. Aveo will send a unique identifier for the victim, and collect the victim's IP address, the version of Microsoft Windows on the victim's computer, the username and other data. Aveo then receives commands that may include reading the victim's files, carrying out various types of tasks on the victim's computer, or granting remote access to the threat's developers. Threats like Aveo may be used for a variety of purposes such as collecting the victims' data or using the infected computer to carry out attacks on other targets.

Protecting Your Computer From Threats Like Aveo

Backdoor Trojans like Aveo can be devastating, especially because of their flexibility. Essentially, Aveo gives a remote user complete access to your computer. This can enable con artists to collect your banking information, spread threats to your email contacts, install other threats on your computer, delete your files and gather your data. Because of this, ensure that you are protected from these threats adequately using a reliable, fully updated security application. The following are some steps you can take to ensure that your computer is properly protected from Aveo and similar threats:

  1. Ensure that you exercise caution when browsing the Web and opening emailed content. Most threats, including Aveo, are distributed using corrupted links or files attached to spam email messages or delivered in other ways. Using caution when dealing with this kind of content can go a long way towards protecting you from Aveo and other threats.
  2. However, regardless of the amount of caution you exercise, it is still essential that your computer is protected with an anti-malware application. Therefore, it is crucial that you have adequate security software installed.
  3. Ensure that all of your software is fully up-to-date with the latest security patches.

SpyHunter Detects & Remove Aveo

File System Details

Aveo may create the following file(s):
# File Name MD5 Detections
1. cd6d979280146c3205010ac3c4b81d02 cd6d979280146c3205010ac3c4b81d02 0

Registry Details

Aveo may create the following registry entry or registry entries:

Related Posts


Most Viewed