The NDiskMonitor malware is a backdoor Trojan that has only ever been used by the Patchwork APT (Advanced Persistent Threat). This led malware researchers to believe that the NDiskMonitor backdoor is a threat built by the members of the Patchwork hacking group. The Patchwork APT likely originates from India and is known under various aliases – Dropping Elephants, Neon, Operation Hangover, Chinastrats, Viceroy Tiger and MONSOON.
The attackers have opted to use the .NET framework to code their threatening application. The NDiskMonitor Trojan allows the Patchwork APT to execute remote commands on the infected host. The NDiskMonitor threat is not a threat that has a long list of capabilities. However, this is by design, as it allows the NDiskMonitor backdoor Trojan to operate very silently and avoid detection. Using fewer resources allow the NDiskMonitor threat to remain under the radar of its victims for prolonged periods. The NDiskMonitor backdoor Trojan is able to provide the attackers with a list of the files, folders, and drives present on the infected host. This would help the Patchwork hacking group to determine how to proceed with the attack and whether the compromised system hosts any information that would be of interest to the attackers. The NDiskMonitor malware also can serve as a backdoor that would allow the Patchwork APT to deploy additional threats on the infected host.
The NDiskMonitor malware may seem limited at first glance, but it is a threat that can cause significant damage to its targets. Protect your system by investing in a genuine anti-virus software suite.