The Nazar APT (Advanced Persistent Threat) has unleashed a threat called EYService. The EYService malware is a backdoor Trojan that has not yet been used in many campaigns. This is likely because the Nazar hacking group is rather picky when selecting targets – they are likely to choose high-value victims instead of opting to launch mass-scale attacks on random users. Malware researchers dubbed this threat EYService malware because of the bogus name it utilizes to hide its components on the compromised system.
The EYService malware operates rather silently. This is because the threat is a passive backdoor – the EYService Trojan remains dormant until the attackers send it a specific activation network packet from their C&C (Command & Control) server. Because it generates no traffic of its own while waiting, the EYService threat can stay on the infected system for a prolonged period without raising red flags. It may evade detection by some anti-malware solutions and may not alert the user until it is far too late and the damage has already been done.
The EYService backdoor Trojan has an impressive list of capabilities. This threat would allow the attackers to gain full access to the compromised host. The EYService malware is able to:
- Create a list of the applications installed on the infected system.
- Create a list of the files, partitions and hard drives present.
- Manage the files present on the compromised computer.
- Collect information regarding the software and hardware of the host.
- Record audio using the microphone on the system.
- Spawn a keylogging module that collects the keystrokes of the user.
- Restart or shut down the victim’s computer.
The EYService backdoor Trojan is a capable, carefully built threat that should not be underestimated. If you want to keep your machine free from the EYService malware, you should consider investing in a reputable anti-virus solution.