Pterodo

Pterodo is a backdoor Trojan that recently came to the attention of researchers, and the Russian hacking group known as Gamaredon is the most likely actor behind it. Analysis of the threat found that this strain closely resembles a previously documented backdoor Trojan, Pteranodon. Gamaredon has a long record of attacks against targets located in Ukraine.

The Pterodo backdoor appears to be a stripped-down variant of Pteranodon, since the newer threat packs fewer features than the original. This is what leads experts to believe that Pterodo is meant to serve as a first-stage payload: it collects data about the compromised system and reports it back, and the attackers use those details to decide whether the host is worth a follow-on payload and how to proceed with the intrusion.

Gamaredon appears to favor high-value targets. The group has reportedly deployed Pterodo against military organizations as well as government bodies in Ukraine. Before doing anything else, the backdoor checks the default language configured on the infected host. It proceeds with the attack only if the system language is Ukrainian, Russian, Belarusian, Armenian, Uzbek, or Tatar; on any other host it simply does not run. This narrows the intended operating region to the former Soviet bloc. The gate also reduces the chance of Pterodo being detected and dissected by malware researchers, because a sample detonated in a sandbox or analysis VM configured with an English or other non-listed locale will exit without exhibiting its malicious behavior. Analysts handling such a sample therefore need to set the analysis system's language to one of the listed locales, or patch the check out, before dynamic analysis will show anything useful.
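To make the language gate concrete, here is a model of the check as the article describes it. This is an added illustration written for this page, not Pterodo's own code, and it assumes the host language is represented as a Windows LANGID (a 16-bit value whose low 10 bits identify the primary language and whose high 6 bits identify the regional sub-language), which is how Windows reports system and UI languages. The gate is modeled on the primary language, so regional variants of a listed language pass too; the sample LANGIDs at the bottom are constructed for the demonstration.

```python
"""Model of a locale gate like the one described for Pterodo.

Illustrative code added by the editor, not the malware's own logic.
Assumption: the host language is a Windows LANGID (sub-language in the
high 6 bits, primary language in the low 10 bits).
"""
import platform
from typing import Dict, Optional

# Primary language IDs (LANGID & 0x3FF) for the languages the article
# names as gating the payload. Values per Microsoft's MS-LCID table.
GATED_PRIMARY_LANGS: Dict[int, str] = {
    0x22: "Ukrainian",
    0x19: "Russian",
    0x23: "Belarusian",
    0x2B: "Armenian",
    0x43: "Uzbek",
    0x44: "Tatar",
}


def primary_language(langid: int) -> int:
    """Low 10 bits of a LANGID; the regional sub-language is in the high bits."""
    return langid & 0x3FF


def passes_locale_gate(langid: int) -> bool:
    """True if a sample gated as described would proceed on this host.

    The check is on the primary language, so any regional variant of a
    listed language (ru-MD, uz-Cyrl-UZ, ...) passes as well as the
    default one (ru-RU, uz-Latn-UZ).
    """
    return primary_language(langid) in GATED_PRIMARY_LANGS


def describe(langid: int) -> str:
    """Human-readable verdict for one LANGID."""
    name = GATED_PRIMARY_LANGS.get(primary_language(langid), "not gated")
    verdict = "proceeds" if passes_locale_gate(langid) else "exits quietly"
    return f"LANGID 0x{langid:04X}: {name}; sample {verdict}"


def host_ui_language() -> Optional[int]:
    """Current user's UI LANGID on Windows, None elsewhere.

    Uses kernel32!GetUserDefaultUILanguage; runs offline, no privileges needed.
    """
    if platform.system() != "Windows":
        return None
    import ctypes
    return int(ctypes.windll.kernel32.GetUserDefaultUILanguage())


# Constructed sample LANGIDs, e.g. candidate analysis-VM configurations.
SAMPLE_LANGIDS: Dict[str, int] = {
    "en-US": 0x0409,
    "de-DE": 0x0407,
    "uk-UA": 0x0422,
    "ru-RU": 0x0419,
    "ru-MD": 0x0819,
    "uz-Cyrl-UZ": 0x0843,
    "tt-RU": 0x0444,
}

if __name__ == "__main__":
    for tag, langid in SAMPLE_LANGIDS.items():
        print(f"{tag:12} {describe(langid)}")
    ui = host_ui_language()
    if ui is not None:
        print("this host:  ", describe(ui))
```

Running the script on an analysis VM tells you whether a sample gated this way would detonate there: en-US and de-DE hosts are reported as "exits quietly", while ru-MD and uz-Cyrl-UZ pass because only the primary language matters. On a Windows host it also prints the verdict for the current UI language.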

Spear-phishing email campaigns are the most likely infection vector used by the operators of the Pterodo backdoor. The attackers have probably designed the lure emails to look legitimate by claiming that they originate from a government institution or a high-ranking official, so that recipients in the targeted organizations open the attachment or link.

Cybersecurity experts believe that the Pterodo backdoor serves as a tool that helps Gamaredon spy on its targets and collect sensitive data about their systems. The Trojan operates quietly, and if it is not detected and removed, it can reside on the infected host for a long period and gather a large amount of data.
