ChewBacca Malware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Ranking: | 5,208 |
Threat Level: | 20 % (Normal) |
Infected Computers: | 2,123 |
First Seen: | December 23, 2013 |
Last Seen: | September 19, 2023 |
OS(es) Affected: | Windows |
Security researchers have issued warnings about the ChewBacca malware, a harmful information-stealing threat that uses TOR to make its communications with its command and control server anonymous.TOR is being integrated into an increasing number of threats, including high profile attacks like ZeuS variants in the wild. Tor has increasingly become a worrying aspect of online communications for law enforcement. TOR has useful applications, for example, to allow political activists and other potentially endangered individuals to communicate anonymously. However, TOR has been co-opted by criminal organizations for use in child pornography rings, underground markets, money laundering and to hide the tracks of various criminal organizations. The ChewBacca malware should be removed with a strong security program.
Table of Contents
The ChewBacca malware – A Weird Name for a Damaging Threat
The ChewBacca malware is not distributed publicly on underground forums. There may be several reasons for this; the ChewBacca malware may still be in development or its developers may only sell the ChewBacca malware privately. Some specific characteristics of the ChewBacca malware include the fact that the ChewBacca malware is developed using Free Pascal 2.7.1, the ChewBacca malware is contained in an executable file measuring 5MB and uses TOR 0.2.3.25 to communicate with its command and control server. Although the ChewBacca malware is commonly known after the famous Star Wars character, the ChewBacca malware is commonly also known as Trojan.Win32.Dsysna.fej. As soon as the ChewBacca malware is installed on the affected computer the ChewBacca malware drops its compromised executable, gathers information about the victim's IP address and installs TOR software.
Avoiding the Spiteful Presence of the ChewBacca malware
As soon as the ChewBacca malware is installed, the ChewBacca malware logs the victim's keystrokes into a file named system.log. This file is then sent to a third party using TOR. The ChewBacca malware may be uninstalled by a third party to prevent malware researchers from studying the ChewBacca malware closely. Although TOR is increasingly being used by threats like the ChewBacca malware, there are downsides to TOR that have prevented criminals from adopting it. TOR communications are slower. Also, using it excessively has attracted the attention of law enforcement, which may compromise the anonymity of this threatening network.
SpyHunter Detects & Remove ChewBacca Malware

File System Details
# | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|
1. | tor.exe | |
2. | recvdata.php | |
3. | sendlog.php | |
4. | system.log |
URLs
ChewBacca Malware may call the following URLs:
https://thebestoffersintheweb.com/redirect |
thebestoffersintheweb.com |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.