Threat Database Trojans Trojan.Spachanel


By Domesticus in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 3
First Seen: January 29, 2013
Last Seen: March 13, 2022
OS(es) Affected: Windows

Trojan.Spachanel was detected in January of 2013. This Trojan is contained in a tiny file and can affect the most currently used versions of Windows, going all the way back to Windows 95. Trojan.Spachanel belongs to a category of Trojans known as information stealers. Like their name implies, these kinds of Trojans are designed to attack a computer and allow a third party to gain access to personal data stored on the infected computer. Trojan.Spachanel poses a threat to your personal information, and while not causing direct damage to your computer, does have the potential to allow criminals to clean out your bank accounts or gain access to your email and social media accounts. As of the writing of this report, Trojan.Spachanel has not seen widespread distribution and has been contained to a relatively small geographical area. However, as its distribution mechanisms expand, it is likely that new cases of Trojan.Spachanel will appear in the wild.

Trojan.Spachanel carries out a typical Trojan attack, using tactics that ESG security researchers have seen countless times before. First Trojan.Spachanel will attempt to infiltrate a computer with the help of a social engineering mechanism. These will usually distribute malicious email messages or Instant Messages prompting computer users to either download the Trojan.Spachanel executable or visit an attack website that uses exploits in an attempt to execute Trojan.Spachanel on your computer. Once this occurs, Trojan.Spachanel will use a random file name and will place its executable file in the infected computer user's User Profile folder. Finally, Trojan.Spachanel makes changes to the Windows Registry that allows its executable to run automatically when Windows starts up. This malicious edit to the Windows Registry is disguised as a Windows Update registry entry.

How Trojan.Spachanel Carries Out Its Infection Process

Once installed on the victim's computer, Trojan.Spachanel will inject its malicious code into several processes on the victim's computer. The file processes are wuauclt.exe, iexplore.exe, chrome.exe, explorer.exe, firefox.exe, opera.exe, totalcmd.exe, far.exe, and cmd.exe. Trojan.Spachanel also uses a named Mapping file named chanel_qwm0g89h2bg82g890. The Trojan.Spachanel attack is not difficult to understand. Trojan.Spachanel gathers information on the infected computer and establishes a connection with the IP address This information can then be used to steal information from the victim's computer or to target the victim with additional malware, including adware variants and other kinds of malware infections that make it easier for criminals to monetize.


Most Viewed