JasperLoader


By GoldSparrow in Trojans

JasperLoader is a Trojan downloader that criminals use to carry out malware campaigns. It is being used in attacks against computer users and has been linked to at least one malware campaign that delivers a Trojan known as Gootkit. The role of Trojan downloaders like JasperLoader is to infiltrate a computer, remove any security protection, connect to a Command and Control server, and then download and install a payload. The campaign involving JasperLoader is notable particularly because it seems to involve victims all around the world.

How the JasperLoader Trojan Downloader Attack Works

Once JasperLoader is installed on the victim's computer, it makes the changes necessary to allow the payload to be installed on the targeted PC. In the malware campaign observed by PC security researchers, this payload is the Gootkit Trojan. However, nothing prevents the criminals from using JasperLoader to carry out other attacks or to download other malware onto victims' computers. Several tasks are generally associated with Trojan downloaders like JasperLoader, and this threat is no exception:

  • JasperLoader will establish a connection with its Command and Control server, linking the criminals to the infected device.
  • JasperLoader will send information to its Command and Control server about the configuration of the infected device and its operating system architecture, as well as other data such as running programs and services. This allows the attackers to judge the target's security and deliver a payload that can be most effective on the targeted device.
  • JasperLoader will download and install the payload which, in the campaigns observed, was the Gootkit Trojan.
  • JasperLoader will make changes to the Windows Registry to ensure that the payload starts up automatically whenever the victim logs into the infected device or when Windows starts up.

Multi-stage attacks like this are not uncommon and are typical of how modern malware campaigns work. Computer users need to take steps to ensure that their computers are fully protected from JasperLoader and other threats and malware campaigns.

Protecting Your PC from Malware Campaigns Like JasperLoader

Threats like JasperLoader are especially dangerous because they can be used to deliver essentially any threat to the victim's device. The best way to protect your computer from Trojan downloaders like JasperLoader is to have a security solution that can prevent the downloader from being installed and interfere with its capacity to connect to its Command and Control server. The JasperLoader downloader itself is often delivered to the victim's computer via a dropper or some corrupted script. Because of this, PC security researchers strongly advise computer users to make sure that any possible avenues of intrusion are covered. This may include using strong passwords and security software and making certain that all security patches and updates are always installed. Furthermore, computer users should be on guard against social engineering tactics such as those delivered via unsolicited email attachments or fake file downloads.

Responding to a JasperLoader Attack

If you think that JasperLoader or a similar threat may have affected your device, it is important to take steps to make sure that your device has not been harmed. Computer users should first use a security program to perform a full scan of their devices. They also should check their startup programs and Registry for any suspicious changes that may indicate the presence of malware. Finally, computer users should safeguard any information, such as online passwords and banking login information.
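
One way to carry out the startup and Registry check described above, as an added example that is not part of the original article. It lists the standard Windows Run keys and Startup folders (the article does not name the specific locations JasperLoader uses) and marks entries that launch a script host or script file, which is a review heuristic assumed here, not a JasperLoader signature.

```powershell
# Added example: enumerate logon autostart entries and mark the ones worth a manual look.
# Standard Windows autostart locations; not taken from the article.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)

# Assumed heuristic: script interpreters or script files in an autostart command.
$suspect = '\b(wscript|cscript|powershell|pwsh|mshta|rundll32|regsvr32)(\.exe)?\b' +
           '|\.(js|jse|vbs|vbe|wsf|hta|ps1|bat|cmd)\b'

# Registry Run/RunOnce values: one row per value name.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})

# Startup folders: resolve shortcuts so the real target and arguments are shown.
$shell = New-Object -ComObject WScript.Shell
$entries += @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($file in Get-ChildItem -Path $dir -File -Force) {
        $cmd = $file.FullName
        if ($file.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($file.FullName)
            $cmd = "$($lnk.TargetPath) $($lnk.Arguments)".Trim()
        }
        [pscustomobject]@{ Location = $dir; Name = $file.Name; Command = $cmd }
    }
})

# Entries matching the heuristic sort to the top; everything else is still listed.
$entries |
    Select-Object @{ n = 'Review'; e = { $_.Command -match $suspect } }, Location, Name, Command |
    Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap
```

A `Review` value of `True` means the entry should be inspected by hand, not that it is malicious; legitimate software also uses these locations.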

