The Starslord malware is a second-generation version of the infamous SLoad threat. SLoad was first spotted in 2018 and targets Windows computers exclusively. After using SLoad for a while, its authors developed a new and improved version of it. Starslord retains most of SLoad's features, but its authors have added new ones that make it more threatening and potent than the SLoad iteration. So far, the Starslord malware has been used in campaigns targeting companies and organizations in the United States and Europe.
Usually, the Starslord malware campaigns are carried out in four steps:
- Compromising the targeted host – the authors of the Starslord threat are likely to use bogus application downloads, phishing emails or other propagation methods.
- Collecting data regarding the software and hardware of the compromised host.
- Exfiltrating the collected data to the C&C (Command & Control) server of the attackers and registering the host as a compromised target.
- Enabling the attackers to plant additional corrupted payloads on the infected host with the help of the Starslord threat – RATs (Remote Access Trojans), keyloggers, infostealers, etc.
The authors of the Starslord malware have made sure this threat is well equipped to avoid sandbox environments and thus prevent cybersecurity analysts from studying it. If the Starslord threat detects that it is being run in a malware-debugging environment, it will cease operating.
What Makes Starslord 2.0 So Dangerous?
There are three main differences between the old and new versions of Starslord. The first is that it has an advanced tracking system that gathers more information about how an infection is progressing. The second is that it uses WSF (Windows Script File) scripts rather than VBScript during infection. The third is that it runs an anti-analysis trap to obfuscate its actions.
The advanced tracking features of Starslord 2.0 are nothing short of revolutionary. This is the first time that malware has been able to track and group targeted machines based on the progress of the infection. This feature allows the people behind the malware to customize which commands they send to each computer according to its stage of infection.
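The switch to WSF scripts noted above gives defenders something concrete to look for: the Windows Script Host binaries (wscript.exe and cscript.exe) launching a .wsf file, especially when spawned by a mail or Office client, which matches the phishing delivery the first campaign step describes. The following is an added illustration, not code from the original article or from any vendor product; the process-creation events are constructed samples in a simplified key=value form, and the scoring weights and the parent-process list are assumptions chosen for the example.

```python
"""Triage Windows Script Host launches of .wsf files (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed process-creation events, NOT real telemetry from a Starslord case.
SAMPLE_EVENTS = [
    r"ParentImage=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE|Image=C:\Windows\System32\wscript.exe|CommandLine=wscript.exe //B C:\Users\alice\AppData\Local\Temp\invoice_2381.wsf",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\cscript.exe|CommandLine=cscript.exe //nologo C:\Users\bob\Downloads\setup.wsf",
    r"ParentImage=C:\Windows\System32\svchost.exe|Image=C:\Windows\System32\cscript.exe|CommandLine=cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dli",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Program Files\Mozilla Firefox\firefox.exe|CommandLine=firefox.exe https://example.test",
]

WSH_HOSTS = {"wscript.exe", "cscript.exe"}            # Windows Script Host binaries
MAIL_OR_OFFICE = {"outlook.exe", "winword.exe", "excel.exe", "thunderbird.exe"}  # assumed list
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\")

@dataclass
class Finding:
    image: str
    parent: str
    script: str
    score: int
    reasons: List[str]

def parse_event(line: str) -> Dict[str, str]:
    """Split 'Key=Value|Key=Value' into a dict (first '=' separates key from value)."""
    return dict(field.split("=", 1) for field in line.split("|"))

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def assess(event: Dict[str, str]) -> Optional[Finding]:
    image = basename(event.get("Image", ""))
    if image not in WSH_HOSTS:
        return None
    # Space-free script paths assumed; quoted paths with spaces would need a real tokenizer.
    tokens = event.get("CommandLine", "").split()
    script = next((t for t in tokens if t.lower().endswith(".wsf")), None)
    if script is None:
        return None  # .vbs/.js via WSH is common and noisy; the page's point is the .wsf switch
    score, reasons = 1, ["WSH executing a .wsf file"]
    parent = basename(event.get("ParentImage", ""))
    if parent in MAIL_OR_OFFICE:            # matches the phishing delivery step
        score, reasons = score + 2, reasons + [f"spawned by mail/Office client {parent}"]
    if any(marker in script.lower() for marker in USER_WRITABLE):
        score, reasons = score + 1, reasons + ["script in user-writable path"]
    return Finding(image, parent, script, score, reasons)

def triage(lines: List[str]) -> List[Finding]:
    """Return findings for all events, highest score first."""
    found = [f for f in (assess(parse_event(line)) for line in lines) if f]
    return sorted(found, key=lambda f: -f.score)

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f.score, f.parent, "->", f.image, f.script, ";", "; ".join(f.reasons))
```

Running it on the constructed events flags the Outlook-spawned wscript.exe launch with the highest score and the explorer-spawned cscript.exe launch from Downloads as a lower-scored finding, while the legitimate slmgr.vbs run and the browser launch are ignored.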
The anti-analysis trap mentioned earlier allows the threat actors to identify security researchers, create profiles based on them, and avoid sending any malicious payloads to those security hosts. This feature is called checkUniverse.
The new tracking functionality, combined with the anti-analysis trap, is what makes Starslord 2.0 such a useful tool for scammers and fraudsters selling pay-per-install malware services to customers. The term “pay-per-install” means that the threat actors are provided compensation each time they successfully install a chosen malware on a target device through Starslord 2.0.
How to Protect Against Starslord 2.0
Given that Starslord 2.0 attacks Windows systems, the security tools Microsoft developed are an excellent defense against it. Microsoft Threat Protection may be able to spot a Starslord 2.0 infection before it becomes an issue. Microsoft Threat Protection uses security signals from a range of sources to increase security across a machine.
Microsoft Defender Advanced Threat Protection (ATP), a platform made to help enterprise networks identify and address potential threats, helps fight Starslord 2.0 infections. ATP uses behavior-based machine learning to detect and analyze potentially suspicious behavior and advanced infection methods. The analysis is done in real time in the cloud and takes just milliseconds to complete. When done, the service issues a verdict to the computer where the suspicious behavior was observed, letting the computer block the threat before it can do anything malicious.
Starslord's Defeat and Advancements
The new Starslord 2.0 is an advanced version of the sLoad virus. The latest version gives its creators the chance to install malware on infected computers, which they do in return for compensation from other malicious actors. Underestimating the risk posed by this virus could see a computer hit with an advanced banking Trojan or a similar problem. These Trojans are designed to collect online banking information and credentials from infected machines. The malware includes an anti-analysis trap that makes it more difficult for security analysts to detect.
The best method to spot and avoid Starslord 2.0 infections requires behavior-based machine learning, such as the processes used by the Microsoft Defender ATP. Microsoft Defender ATP has proven to be a useful tool in spotting and preventing ransomware attacks. The security tool found and prevented attacks by the infamous LokiBot malware, for example.