GraceWire Trojan

The GraceWire Trojan is a threat that is used for reconnaissance operations. Some experienced cybercriminals like the con actors from the Evil Corp group have used this hacking tool. This hacking group also is called Dridex. It would appear that the cyber crooks from the Evil Corp hacking group have launched a new campaign propagating the GraceWire Trojan.

In their latest campaign, the Evil Corp group is distributing the GraceWire Trojan via bogus emails disguised as important messages in regards to the COVID-19 pandemic. It comes as no surprise that the cyber crooks have opted to use Coronavirus-themed emails – this is a technique that is gaining more and more popularity. The bogus emails in question would contain a seemingly harmless '.xls' or '.xlsx' file. However, these are macro-laced files, which, when launched, will display a decoy document, while also making sure to deploy the GraceWire Trojan on the targeted host. In past campaigns, the GraceWire Trojan was propagated via similar emails that appeared to contain an important attachment that needed immediate reviewing.

When the GraceWire Trojan compromises your system, you may not notice anything out of the ordinary. This threat is very stealthy and is not likely to raise any red flags. The goal of the GraceWire Trojan is to locate and collect data from the host, such as cookies, saved login credentials, etc. The GraceWire Trojan also can be used to collect specific filetypes or files with certain names from the victim's hard drive.

If you want your data and your PC protected from threats like the GraceWire Trojan, you should consider obtaining a trustworthy, up-to-date anti-malware application.