WhiteShadow appears to be what is often called malware-as-a-service: instead of using it privately, its creators have decided to rent it out to potential clients. At its core, WhiteShadow is a Trojan downloader, and most of its activity in 2019 involved delivering the infamous Crimson RAT to targeted systems. However, WhiteShadow is capable of delivering a wide range of other malware to infected hosts, including Remcos, Agent Tesla, Formbook, njRAT and others.
Propagation Via Microsoft Office Attachments
The operators of the WhiteShadow downloader appear to rely mainly on spam email campaigns to propagate this threat. Microsoft Office attachments containing malicious macros seem to be the main infection vector. To get the victim to allow the macros to run once the attachment is opened, the attackers tend to use various social engineering methods. If you fall for the deception and enable the macros, the downloader runs on your system.
Uses an MSSQL Server
The WhiteShadow threat has only basic capabilities for detecting and avoiding sandbox environments, and its obfuscation techniques are not too impressive either. However, unlike most threats of this type, the WhiteShadow downloader does not download its binary from a remote server set up by its operators. Instead, this cunning piece of malware establishes a connection with a Microsoft SQL database server and sends an SQL query to extract an encrypted string from it. Next, the WhiteShadow threat decrypts the string and archives it in a ‘.PKZip’ file. Then, the archived file is launched, and the threatening payload begins installing on the compromised host.
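The behaviour described above gives defenders a simple network signal: an Office program talking to a database server outside the organisation. The following detection sketch is an added example, not code from the original page or from any vendor; the CSV layout, host names and addresses are constructed, and it assumes the server listens on the default MSSQL port 1433.

```python
import csv
import io
import ipaddress

# Assumption: Office programs that can run macros from an opened attachment.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "mspub.exe"}
# Assumption: 1433 is the default MSSQL (TDS) port; a server may listen elsewhere.
MSSQL_PORTS = {1433}
# Destinations treated as internal, where Office-to-database traffic can be normal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample events in a hypothetical CSV export (documentation IP ranges).
SAMPLE_LOG = r"""timestamp,host,image,dest_ip,dest_port
2019-09-01T09:14:02Z,WS-014,C:\Program Files\Microsoft Office\Office16\WINWORD.EXE,203.0.113.45,1433
2019-09-01T09:15:40Z,WS-022,C:\Program Files\Microsoft Office\Office16\EXCEL.EXE,10.20.0.8,1433
2019-09-01T09:16:11Z,WS-031,C:\Tools\Ssms.exe,198.51.100.7,1433
2019-09-01T09:17:53Z,WS-014,C:\Program Files\Microsoft Office\Office16\WINWORD.EXE,198.51.100.20,443
2019-09-01T09:18:27Z,WS-040,C:\Program Files\Microsoft Office\Office16\EXCEL.EXE,198.51.100.9,1433
2019-09-01T09:19:05Z,WS-041,C:\Program Files\Microsoft Office\Office16\EXCEL.EXE,198.51.100.9,n/a
"""

def is_internal(ip_text):
    """Return True when the destination is in one of the internal ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)

def find_office_mssql(log_text):
    """Flag Office processes that connect to an external host on an MSSQL port."""
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        exe = row["image"].rsplit("\\", 1)[-1].lower()
        try:
            port = int(row["dest_port"])
            internal = is_internal(row["dest_ip"])
        except ValueError:
            continue  # skip rows with a malformed port or address
        if exe in OFFICE_IMAGES and port in MSSQL_PORTS and not internal:
            alerts.append((row["timestamp"], row["host"], exe, row["dest_ip"], port))
    return alerts

if __name__ == "__main__":
    for alert in find_office_mssql(SAMPLE_LOG):
        print("ALERT", *alert)
```

Internal destinations are excluded because spreadsheets with legitimate data connections to in-house SQL servers would otherwise flood the results.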
The WhiteShadow Trojan downloader can prove to be a rather nasty pest as it is likely to be rented out and spread by a variety of con artists worldwide. To reduce the risk of becoming a victim of the WhiteShadow downloader, make sure you update all your software regularly and have installed a legitimate anti-malware application.