The Gamaredon hacking group is a well-known name in the world of cybercrime. Active since 2013, the group is known for hijacking Ukrainian and Russian email accounts and for compromising DNS providers and websites as a means of spreading its malware. At first, the Gamaredon group bought malware on hacking forums, modified it and put it to use, but over time the actors gradually began building their own tools from scratch, the Pteranodon Trojan among them. The group's toolkit now features several custom backdoors and RATs with a modular structure. Custom code of this kind is less likely to be caught by signature-based anti-virus products, and its modular design gives the operators the flexibility to extend the feature list in the future.

The first campaign that included the Pteranodon backdoor was launched back in 2015, and the Gamaredon hacking group has introduced several updates to the threat since then. Some of Pteranodon's core properties, however, remain unchanged. For example, the backdoor still cannot select a Command & Control (C&C) server dynamically; the latest versions embed a single hardcoded C&C address. That is a liability for the operators, since the implant is left orphaned if the server goes offline or is seized by the authorities, and it is a gift to defenders, because the address can be pulled out of a sample and blocked. The Pteranodon Trojan is capable of taking screenshots of the desktop and sending them to the attackers' servers, and it can be configured to capture them either at a specific time or at fixed intervals.
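Two defender-side checks follow directly from the traits above: a plaintext hardcoded C&C address can be extracted from a sample with a strings-style scan, and a fixed-interval screenshot upload shows up in proxy logs as outbound connections with unusually regular spacing. The script below demonstrates both. It is an added example, not code from the original page or from Gamaredon's tooling; the sample bytes, hostnames, IP address and log lines are all constructed placeholders, not real Pteranodon indicators.

```python
"""
Added example (not from the original page or from the Pteranodon malware itself).

1. extract_network_indicators() pulls hostnames/IPs that sit as plaintext in a
   binary blob, the way a hardcoded C&C address would.
2. find_periodic_uploads() flags (client, server) pairs whose POST requests
   arrive at near-constant intervals, the signature of a timed exfiltration loop.
3. matching_beacons() joins the two: periodic destinations that also appear
   in the sample's hardcoded strings.

All data below is constructed for the demonstration.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed stand-in for a dropped sample: junk bytes around an ASCII
# configuration with a C&C URL, a timer value and a fallback IP (all placeholders).
SAMPLE_BYTES = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
    b"http://c2.example-placeholder.net/upload.php\x00"
    b"\x00\x11\x22\x33"
    b"interval=600\x00"
    b"backup=203.0.113.10\x00"
    b"\x90\x90\x90\xcc"
)

_ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")  # printable runs, like strings(1)
_HOST_OR_IP = re.compile(
    r"(?:https?://)?"
    r"((?:\d{1,3}\.){3}\d{1,3}"        # dotted IPv4 ...
    r"|(?:[a-z0-9-]+\.)+[a-z]{2,})"    # ... or a hostname
    r"(?:[/:][^\s\"']*)?",             # optional path or port, discarded
    re.IGNORECASE,
)


def extract_network_indicators(blob: bytes) -> list[str]:
    """Return unique hostnames/IPs found as plaintext in the blob, in order."""
    found: list[str] = []
    for run in _ASCII_RUN.findall(blob):
        text = run.decode("ascii", errors="ignore")
        for m in _HOST_OR_IP.finditer(text):
            host = m.group(1).lower()
            if host not in found:
                found.append(host)
    return found


# Constructed proxy log: one client POSTs to the C&C every ~600 s, mixed with
# ordinary browsing at irregular times. Fields: time client method host path bytes
PROXY_LOG = """\
2024-03-04T09:00:02Z 10.0.0.5 POST c2.example-placeholder.net /upload.php 48211
2024-03-04T09:03:17Z 10.0.0.5 GET  www.example.com /index.html 1204
2024-03-04T09:10:01Z 10.0.0.5 POST c2.example-placeholder.net /upload.php 47980
2024-03-04T09:14:40Z 10.0.0.5 GET  www.example.com /news 8820
2024-03-04T09:20:03Z 10.0.0.5 POST c2.example-placeholder.net /upload.php 48333
2024-03-04T09:27:55Z 10.0.0.5 GET  www.example.com /about 3301
2024-03-04T09:30:00Z 10.0.0.5 POST c2.example-placeholder.net /upload.php 48102
2024-03-04T09:40:02Z 10.0.0.5 POST c2.example-placeholder.net /upload.php 48210
2024-03-04T10:51:19Z 10.0.0.5 GET  www.example.com /contact 2210
"""


def find_periodic_uploads(log: str, min_hits: int = 4,
                          max_jitter: float = 0.05) -> dict[tuple[str, str], float]:
    """Return {(client, server): mean gap in seconds} for POST traffic whose
    inter-arrival times are regular (coefficient of variation <= max_jitter)."""
    times: dict[tuple[str, str], list[datetime]] = defaultdict(list)
    for line in log.splitlines():
        ts, client, method, server, _path, _size = line.split()
        if method == "POST":
            times[(client, server)].append(
                datetime.fromisoformat(ts.replace("Z", "+00:00")))
    periodic: dict[tuple[str, str], float] = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_jitter:
            periodic[key] = round(mean, 1)
    return periodic


def matching_beacons(blob: bytes, log: str) -> dict[tuple[str, str], float]:
    """Periodic upload destinations that are also hardcoded in the sample."""
    iocs = set(extract_network_indicators(blob))
    return {k: v for k, v in find_periodic_uploads(log).items() if k[1] in iocs}


if __name__ == "__main__":
    print("hardcoded indicators:", extract_network_indicators(SAMPLE_BYTES))
    print("periodic uploads:", find_periodic_uploads(PROXY_LOG))
    print("confirmed beacons:", matching_beacons(SAMPLE_BYTES, PROXY_LOG))
```

The jitter threshold is deliberately tight: a human browsing session never produces four POSTs spaced within a few seconds of each other across half an hour, whereas a timer-driven upload does. On real traffic, run the periodicity check per (client, server) pair over a longer window and treat the hardcoded-string match as the confirming signal, since a packed or encrypted sample will not yield the address to a plain strings scan.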

In addition to collecting screenshots, the Pteranodon Trojan can serve as a first-stage payload: it can fetch and plant additional malware on the compromised machine and execute commands issued by the attackers.

We strongly advise you to obtain a reputable anti-virus software suite, which will help keep your machine safe from threats like the Pteranodon backdoor Trojan.
