
StealthWorker

By GoldSparrow in Malware

StealthWorker is malware designed to collect information from victims and carry out a variety of operations that can be part of larger malware campaigns. Older malware could be quite destructive, wrecking victims' hard drives and causing chaos, whereas modern malware like StealthWorker is designed to work silently, gathering information about the victim quietly or carrying out more subtle attacks that allow criminals to profit at the victims' expense. Threats like StealthWorker can be used to steal data or sensitive information from the victim, while other threats generate revenue by extorting victims or causing secondary malware infections directly. StealthWorker is part of a malware campaign whose goal is to collect victims' login information for a large variety of online services, which may include email clients, FTP clients, server software and many others.

How StealthWorker and Similar Threats Work

One aspect of StealthWorker that makes it particularly impressive is that it can harness the combined processing power of a large network of compromised computers. Using this pooled processing power, StealthWorker carries out brute force attacks that attempt to guess the targets' login credentials. The processing power behind the attack lets StealthWorker prey on computer users and administrators who use weak passwords. StealthWorker and similar threats use automated scripts and algorithms to guess username and password combinations, which may involve billions of options. Computer users with weak passwords can quickly fall prey to these kinds of attacks. StealthWorker stands out because it uses the combined resources of many devices to carry out these attacks, making its brute force attack stronger than most others. StealthWorker tries to collect login credentials for a wide variety of popular programs and online services, as well as online system panels for cPanel, MySQL, SSH, Joomla, Magento, phpMyAdmin and similar platforms.
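Because the guessing is spread over many compromised hosts, each host needs only a few attempts, so a per-address lockout on the targeted login page never triggers. The following Python code is an added example, not part of the original article or of any published StealthWorker analysis; the log format, thresholds and function names are assumptions, and the log lines are constructed. It compares a per-source counter with a check for many distinct sources failing against one account inside a time window.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed (hypothetical) log format: "<ISO time> FAIL|OK user=<name> src=<ip>"
LINE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def build_sample():
    """Constructed log: 12 hosts each try 'admin' twice; one user mistypes once."""
    lines = []
    for i in range(12):
        for attempt in range(2):
            ts = f"2024-01-01T10:{attempt * 2:02d}:{i:02d}"
            lines.append(f"{ts} FAIL user=admin src=198.51.100.{i + 10}")
    lines.append("2024-01-01T10:01:30 FAIL user=alice src=203.0.113.5")
    lines.append("2024-01-01T10:01:40 OK user=alice src=203.0.113.5")
    return sorted(lines)

def parse(lines):
    """Yield (time, user, source) for failed logins; skip malformed lines."""
    for line in lines:
        m = LINE.match(line.strip())
        if m and m.group(2) == "FAIL":
            yield datetime.fromisoformat(m.group(1)), m.group(3), m.group(4)

def per_source_offenders(failures, limit=5):
    """Classic per-IP lockout: sources with more than `limit` failures."""
    counts = Counter(src for _, _, src in failures)
    return {src for src, n in counts.items() if n > limit}

def distributed_targets(failures, window=timedelta(minutes=10), min_sources=8):
    """Accounts failed against by >= min_sources distinct hosts inside one window."""
    by_user = defaultdict(list)
    for ts, user, src in failures:
        by_user[user].append((ts, src))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            sources = {src for _, src in events[start:end + 1]}
            if len(sources) >= min_sources:
                flagged[user] = max(flagged.get(user, 0), len(sources))
    return flagged

if __name__ == "__main__":
    failures = list(parse(build_sample()))
    print("per-source offenders:", per_source_offenders(failures))
    print("distributed targets:", distributed_targets(failures))
```

On the constructed log the per-source check flags nothing, while the per-account check reports the account being guessed by twelve distinct hosts.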

What is the Main Objective of the StealthWorker Attack?

StealthWorker is written in Golang, which is not a common programming language for malware threats. However, it does seem that StealthWorker carries out an effective malware attack. PC security researchers have not been able to find specific infection delivery methods or infection vectors associated with StealthWorker, although it is very likely that StealthWorker is being distributed through Trojan downloaders or droppers, which may include malware such as WallyShack. Once StealthWorker has entered a computer, it makes changes to the infected computer that allow it to start up automatically when Windows starts. When StealthWorker starts up, it connects to its Command and Control server to receive instructions from its controllers. These instructions are essential, since being able to coordinate a network of infected devices is central to the StealthWorker attack. The instructions that StealthWorker receives from its Command and Control servers include URLs for the login pages that StealthWorker will target in its brute force attack. StealthWorker also receives configuration information to be used in its malware attack.

Protecting Your Computer from StealthWorker and Dealing With This Attack

StealthWorker is designed to work in the background without causing a major disruption to the affected computer's activities, so computer users may not be aware that it is using the affected system's resources to carry out brute force attacks or actively attempting to collect their login credentials. Because of this, the best measure against StealthWorker, both in preventing and dealing with this threat, is to have a strong security scanner that is always up to date and capable of detecting threats like StealthWorker in real time, ideally before they are installed or manage to carry out attacks. Computer users should also protect their online accounts with strong passwords.
