Megumin Trojan

By GoldSparrow in Trojans

Translate To:

The Megumin Trojan is a piece of malware that has been distributed in the world of cybercrime since the beginning of 2018, but it never gained traction. That is, until very recently. It would appear that the authors of the Megumin Trojan updated their creation and this attracted many shady individuals to their product. The Megumin Trojan is written in the C++ language and has a whole myriad of tools within it. Operators of the Megumin Trojan would be able to download and upload files from and on to the victim's computer, mine cryptocurrency, use the user's PC for launching DDoS (Distributed-Denial-of-Service) attacks, collect clipboard info and execute DOS commands.

To avoid being poked and prodded into by malware researchers, the Megumin Trojan employs some self-preservation tactics. It checks the system it has infiltrated to see whether it is a sandbox environment like the ones cybersecurity experts use to dissect and study malware. Among the tests that the Megumin Trojan conducts it checks if any of the most common tools employed in a sand-box environment are present – OllyDbg, Wireshark, IDA, ImmunityDebugger, HTTP Analyzer, etc. Additionally, it may check for certain field matches in the 'Process Environment Block' that are often typical for a controlled environment used for debugging.

The authors of the Megumin Trojan use the Windows Scheduled Tasks feature to gain persistence on the compromised system. This indicates that every time you reboot your system, the Megumin Trojan will be launched too. The attackers also may create a Windows Registry key that serves the same purpose. After the Megumin Trojan is initialized and has made sure to acquire persistency, the attackers can operate its features using an array of commands.

It would seem that the two most sought after features of the Megumin Trojan are the ones allowing them to mine cryptocurrency using the victim's computer, and can manipulate the clipboard data, which is most likely meant to be used in collecting cryptocurrency. This would be done by detecting when the victim has copied the address of a Bitcoin wallet, for example, and replacing it with the Bitcoin address of the attackers instead. Due to the length of Bitcoin wallet addresses, it is very likely that users may overlook this and fail to notice that it is not the right address that has been entered. The Megumin Trojan can mine cryptocurrency via NVIDIA GPU, AMD or the CPU. This nasty threat also can infiltrate and manipulate transactions conducted via Steam, Ya.money, VK.cc, QIWI and Ya.disk.

The Megumin Trojan has been into quite a lucrative tool since its last update because it has so many features and is not difficult to operate. Users need to stay vigilant of threats like the Megumin Trojan, keep all software up-to-date and acquire a reputable anti-malware tool.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Megumin Trojan

Submit Comment

Related Posts

Trojan.Megumin

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen