Gamaredon Group Description
The Gamaredon Group is an APT (Advanced Persistent Threat) that some speculate originates from Russia, although this has yet to be confirmed. The group was first spotted in 2013. It mostly goes after Ukrainian targets, which often tend to be high-ranking officials. Its preferred propagation method is phishing email campaigns. The Gamaredon Group makes the emails seem as legitimate as possible by using various social engineering techniques. The phishing emails often carry an attached file that is tailored to look like an important document that needs immediate review. This APT is known to use both hacking tools that it has developed itself and threats that are available for purchase online. Furthermore, the Gamaredon Group has also been spotted weaponizing genuine applications and deploying them in its harmful campaigns.
The Pteranodon Backdoor Trojan
The Pteranodon backdoor Trojan is among the hacking tools in the Gamaredon Group's arsenal. This Trojan is known to be a very well-developed threat that can cause a lot of damage. It is used mainly for espionage-related operations, as it can collect data by taking screenshots of the victim's desktop. The threat can also be used to deploy additional malware on the infected host through its backdoor feature.
Uses Legitimate Applications in Harmful Campaigns
As already mentioned, the Gamaredon Group is known for using legitimate software in its threatening operations. This began in 2014, when malware researchers detected that the Gamaredon Group was spreading a variant of the genuine remote access application known as RMS (Remote Manipulator System). Remaining faithful to its propagation methods, the group used phishing emails as the infection vector in this campaign. The emails contained a macro-laced attachment that carried the payload of the tool. Over the years, using legitimate remote access software like RMS became another signature move of the Gamaredon Group.
The Gamaredon Group is patient: it collects information over time, taking care not to raise any red flags and to remain under the radar of its victims.