By GoldSparrow in Backdoors

Any experienced cybersecurity expert knows that dealing with malware that uses a modular design is always a fascinating task. Since creating malware like this requires a fair bit of experience and expertise, encountering one is not a very common occurrence. Furthermore, such malware samples are likely to have some exciting features to explore. Such threats are also likely to make use of interesting techniques and vulnerabilities, which is another reason why the Plurox backdoor may turn out to be a very peculiar prospect.

Malware experts have not yet determined what infection vector is being employed in spreading the Plurox threat. However, it has been confirmed that the authors of the Plurox backdoor have been using the popular exploits EternalSilence and EternalBlue. These exploits allow the threat to propagate itself to all the systems that are connected to the network of the initially infiltrated machine. The fact that the Plurox backdoor employs the EternalBlue and EternalSilence exploits may indicate that its creators are planning campaigns that specifically target businesses and institutions, which have large networks of computers.
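Because EternalBlue is an SMB exploit, the propagation behaviour described above leaves a recognisable footprint on the network: one internal host opening TCP/445 connections to many distinct peers within a few seconds. The following detector is an added example, not code from the original post or from any analysis of Plurox; the log layout (`timestamp src dst dport`), the sample lines, the 60-second window and the threshold of five hosts are all constructed assumptions that a defender would tune to their own environment.

```python
"""Added example: flag a host that opens SMB (TCP/445) connections to many
distinct internal hosts within a short window, the fan-out pattern that
worm-like spreading over an SMB exploit such as EternalBlue produces.
The log format and sample lines below are constructed for this example and
are not taken from the original post."""

from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection records: "<ISO timestamp> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2019-06-18T10:00:01 10.0.0.12 10.0.0.13 445
2019-06-18T10:00:02 10.0.0.12 10.0.0.14 445
2019-06-18T10:00:02 10.0.0.12 10.0.0.15 445
2019-06-18T10:00:03 10.0.0.12 10.0.0.16 445
2019-06-18T10:00:04 10.0.0.12 10.0.0.17 445
2019-06-18T10:00:05 10.0.0.12 10.0.0.18 445
2019-06-18T10:00:30 10.0.0.40 10.0.0.5 445
2019-06-18T10:00:31 10.0.0.40 10.0.0.5 445
2019-06-18T10:01:00 10.0.0.41 10.0.0.9 443
"""

SMB_PORT = 445


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, dport) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst, dport = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return records


def smb_fanout_alerts(records, window=timedelta(seconds=60), threshold=5):
    """Return {src: max_distinct_dst} for sources that reached at least
    `threshold` distinct hosts on TCP/445 inside any sliding window of
    length `window`. A file server legitimately talks to many clients, so
    the threshold and window are assumptions to tune per environment; a
    workstation reaching many peers on 445 within seconds is what an
    analyst wants surfaced."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in records:
        if dport == SMB_PORT:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the window spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {dst for _, dst in events[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    for src, count in smb_fanout_alerts(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT: {src} reached {count} distinct hosts on TCP/445 within 60s")
```

On the constructed sample, only 10.0.0.12 is flagged: 10.0.0.40 repeatedly contacts a single host, and 10.0.0.41 is not on port 445 at all. In practice this runs over firewall or flow logs exported from the network edge or from host-based sensors, and the same fan-out logic can be applied to any port an exploit module is known to use.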

It appears that the end goal of this operation is to plant crypto mining bots on the machines connected to the corrupted network and have them mine cryptocurrency, which will then be sent to the attackers’ wallet. Cybercriminals who make use of Trojan cryptocurrency miners often tend to stick to exploiting the CPU of their victim by mining for a cryptocurrency that uses a CPU-reliant algorithm (e.g., Monero). However, the authors of this Trojan have opted to include modules that would enable them to use the processing power of AMD or NVIDIA video cards, therefore broadening the range of cryptocurrencies they can mine.

When the Plurox malware lands on a machine, it wastes no time and connects to the C&C (Command & Control) server of the attackers. The Plurox backdoor can execute several commands:

  • Download and run plugins.
  • Update plugins.
  • Stop plugins.
  • Delete plugins.
  • Download and execute files.
  • Update.
  • Delete itself from the system.

The fact that the Plurox backdoor is capable of downloading and executing additional files means that the attackers can plant more malware on the infiltrated system and use it for various purposes.

For now, the Plurox malware has a relatively small reach, but it is likely that its authors are planning a big future for it. You should look into obtaining a legitimate anti-malware application, which would certainly keep your PC safe from the Plurox backdoor.

