Hackers and cybercrooks are commonly inclined to attack computers through simple methods. As such, a newer variation of a Trojan, called Aveo, is being used to target PCs located in Japan. Once it infects a system, Aveo is able to compromise the victimized system's data, such as the IP address, operating system version, ANSI code page identifier, usernames for system access, and other pertinent information.
Computer security researchers at Palo Alto Networks have unmasked the Aveo Trojan and found that, thus far, it is causing an uproar exclusively in Japan. In their analysis of Aveo, they found that it has similarities to older malware within the FormerFirstRAT family, which is also known as DragonOK and is also known to conduct attacks in Japan.
The makeup of Aveo, also revealed by Palo Alto Networks, is mostly simplistic but has the traits to do some severe damage by collecting personal and identifiable information about the computers that it infects. Additionally, Aveo is spread through common methods, which have proven to be quite effective.
The distribution method that computer security researchers found for Aveo is spam email attachments in which Aveo is bundled inside a self-extracting WinRAR file, a common type of compressed or Zip archive that can carry a destructive malware payload. WinRAR is not malicious by nature, as it is simply another way of compressing files or data within a single archive. However, hackers are inclined to use such compressed archives to spread malware, as they have done in the case of Aveo.
Trickery appears to be modern-day hackers' M.O., as they have cleverly made Aveo appear to be a Microsoft Excel document by changing the icon image. In such a case, the perpetrators behind Aveo are counting on computer users letting curiosity get the best of them and clicking on what they think is a harmless Microsoft Excel document. Once initiated, Aveo will start functioning much like a backdoor Remote Administration Tool (RAT), connecting to a command & control server through an HTTP channel. From there, Aveo will receive instructions, for now, to collect unique data on the infected PC and transmit it to a remote attacker.
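The delivery trick described above, a self-extracting RAR executable posing as a spreadsheet, can be screened for at a mail gateway or during attachment triage. The following Python check is an added example, not code from Palo Alto Networks or the original article; the function names, the `DOC_HINTS` list, and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Public RAR archive markers (RAR 4.x and RAR 5.x).
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Assumption: name fragments that make a file look like a spreadsheet.
DOC_HINTS = (".xls", ".xlsx", ".csv")


def is_pe(data: bytes) -> bool:
    """True if data has a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_attachment(name: str, data: bytes) -> list:
    """Return reasons the attachment looks like an SFX executable posing as a document."""
    if not is_pe(data):
        return []
    reasons = ["content is a Windows executable"]
    # An SFX archive is an executable stub with the archive appended to it.
    if any(data.find(magic, 0x40) != -1 for magic in RAR_MAGICS):
        reasons.append("embedded RAR archive (self-extractor)")
    if any(hint in name.lower() for hint in DOC_HINTS):
        reasons.append("file name suggests a spreadsheet")
    return reasons


def constructed_sfx_sample() -> bytes:
    """Constructed test bytes: minimal MZ/PE header followed by a RAR marker."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + b"\x00" * 32 + RAR_MAGICS[0] + b"constructed"


if __name__ == "__main__":
    for reason in triage_attachment("budget.xls.exe", constructed_sfx_sample()):
        print("FLAG:", reason)
```

A hit is a triage signal rather than a verdict, since legitimate installers also ship as self-extracting archives.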
Researchers are still unclear on the full scope of Aveo and its ultimate objective. It is believed that Aveo is in its infancy and could evolve into a much more aggressive threat that later executes commands, writes and reads files, and performs other unknown functions to carry out malicious activities over the Internet. The possibilities are virtually endless with such a threat, which is reminiscent of botnets or specialized malware that carries out illegal activities on the Internet without any indication to the computer user.
So far, what we can conclude about the Aveo Trojan is that it is stirring up a mess in Japan and has not yet made any jumps to attack systems in any other area of the world. However, things could change at any time, and we may eventually witness a widespread outbreak of Aveo or a related Trojan horse armed with a payload to pilfer data on infected PCs around the world.