By GoldSparrow in Trojans

Dunik is a Trojan infection. Computer users have reported Dunik infections in increased numbers since the beginning of 2016. Trojans are threats that may be distributed by disguising themselves as legitimate or useful content. This type of threat gets its name from the Trojan Horse because, much like the hidden soldiers delivered during that attack, Trojans may deliver a threatening payload once they enter a computer disguised as something else. Dunik may be used to create a backdoor on the infected computer. This means that, using Dunik, third parties may establish a connection to the infected computer. This backdoor may then be used to collect data, install other threats, or control the infected computer remotely. Dunik may be distributed through corrupted email attachments or attack websites that use exploit kits to deliver threats.

How Dunik is Distributed and How It may Attack a Computer

In most cases, Dunik first enters a computer when the computer users open an infected email attachment. Emails containing Dunik may impersonate legitimate corporate emails or messages from airlines, couriers, insurers, etc. Computer users may be tricked into believing that the file attachment is an invoice, a bill, an itinerary, or another kind of important file. However, when the computer user opens the file, it runs and installs Dunik. Trojans like Dunik depend on computer users to open them, and may use social engineering to trick them into believing that the threatening file is legitimate. This is an attack method that is used by many threats. Because of this, PC security researchers strongly advise computer users never to open email attachments when they are not sure of their contents and sender.

How Dunik and Similar Trojans may Infect a Computer

Although it is likely that Dunik is based on earlier threats, or was present in the wild earlier, the bulk of Dunik attacks has been reported since late 2015. Dunik uses various obfuscation techniques and misappropriated certificates to avoid anti-malware software or detection by computer users. Dunik attacks computers on the Windows operating system, attacking all versions of Windows. Once Dunik has infected a computer, its backdoor may be used in a variety of ways. Backdoor Trojans like Dunik may be used for multiple types of hoaxes, ranging from data collection to the delivery of other threats. The following are the common steps that may be involved in a Dunik attack:

  1. Dunik may be delivered using a corrupted email attachment. A suspicious email will arrive in the victim's inbox, often containing an embedded link or attached file. In many cases, the email may look like an official email from a trusted source. The included file may be a PDF or DOC file, which may be altered to deliver threats using known vulnerabilities. However, threatening executable files and archive files (RAR or ZIP) are also common.
  2. When computer users open the attached file, Dunik will immediately identify the affected computer's settings and establish a connection to its Command and Control server. Dunik also may attempt to shut down security measures on the infected computer, including its firewall and security software.
  3. Using this backdoor, Dunik will send the system's settings to the remote server and receive instructions from its controller. These instructions may instruct Dunik to carry out various attacks, such as collecting data or downloading and installing other software.
  4. The backdoor created by Dunik may be used in both directions, both to deliver data from the infected computer to the remote server and to download data from the remote server into the infected computer. Once Dunik is installed, it may be used to record keystrokes and take screenshots, in an attempt to collect important data such as credit card numbers or online passwords.
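The delivery stage in step 1 is where a mail gateway can intervene. The following is an added example, not code from this article or from any security product: it checks each attachment's leading bytes against its file name and holds executables, archives, and double-extension names for review. The hold policy, the function names, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Well-known leading bytes for the attachment types named in step 1.
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
         b"%PDF": "pdf", b"\xd0\xcf\x11\xe0": "doc"}
HOLD = {"exe", "zip", "rar"}  # types held for review (assumed policy)
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}


def sniff(data):
    """Return the type implied by the file content, or None if unknown."""
    return next((k for sig, k in MAGIC.items() if data.startswith(sig)), None)


def triage(raw_message):
    """Return [(filename, [reasons])] for attachments that should be held."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        kind = sniff(part.get_payload(decode=True) or b"")
        pieces = name.split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        reasons = []
        if kind in HOLD:
            reasons.append(f"content is {kind}")
        if kind == "exe" and ext in DOC_EXTS:
            reasons.append(f"executable content behind .{ext} name")
        if len(pieces) > 2 and pieces[-2] in DOC_EXTS and ext not in DOC_EXTS:
            reasons.append("double extension")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample():
    """Constructed message: a disguised EXE, a real PDF, a double extension."""
    msg = EmailMessage()
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    samples = [(b"MZ\x90\x00", "invoice.pdf"), (b"%PDF-1.4\n", "itinerary.pdf"),
               (b"MZ\x90\x00", "bill.doc.exe")]
    for data, name in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage(build_sample()):
        print(name, "->", "; ".join(reasons))
```

A PDF or DOC file that has been altered to use a known vulnerability still has a matching name and signature, so it passes this check and needs content scanning as well.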
