ForShare Description

The ForShare malware is a recently spotted backdoor Trojan that has the potential to cause great damage to its targets. The ForShare Trojan is often delivered during attacks carried out by the operators of the MyKings Botnet. The MyKings Botnet reportedly consists of about 44,000 compromised systems, most of which are located in China, Taiwan, Russia, Brazil and the United States. The operators of the MyKings Botnet target under-patched or unpatched Windows-based servers. Cybercriminals see these servers as easy targets, so they often end up being targeted in threatening operations. The servers targeted by the MyKings Botnet host various services such as Remote Desktop Protocol (RDP), MySQL, WMI, SSH, Telnet, IPC, MS-SQL, etc. Some of the servers that the MyKings Botnet goes after even host CCTV camera storage. Once the MyKings malware manages to infiltrate its target, it often drops the ForShare Trojan. Apart from planting the ForShare threat on the compromised system, the MyKings malware also wipes out any other malware that may be present on the system so that it can operate more efficiently.


The ForShare Trojan is particularly threatening because, once it has infiltrated a system, it serves as a backdoor through which the criminals can potentially plant additional malware. The ForShare threat can also be used in reconnaissance operations. This Trojan can spy on its victims because it has a keylogging module that records the user's keystrokes and then transfers them to the attackers’ C&C (Command & Control) server. Keyloggers are usually used to collect information such as usernames, passwords, payment details, etc. Furthermore, the ForShare Trojan allows its operators to monitor the desktop and active windows of the victim, revealing further information to the attackers. The ForShare malware can also tamper with the user accounts present on the system, as well as the files of the victim.

The end goal of the operators of the MyKings Botnet is to plant crypto-miners on the infected systems and use them to mine Monero coins. So far, they have managed to mine over 9,000 XMR, which is the equivalent of $3 million. The MyKings Botnet operators plant the ForShare Trojan on the compromised systems because it allows them to monitor whether the crypto-miners they have installed are working correctly.