WhiteShadow Description

The WhiteShadow threat appears to be what is often referred to as malware-as-a-service: instead of using it privately, its creators have decided to rent it out to potential clients. WhiteShadow is, in essence, a Trojan downloader, and most of its activity in 2019 involved delivering the infamous Crimson RAT to targeted systems. However, WhiteShadow is capable of delivering a wide range of other malware to infected hosts, including Remcos, Agent Tesla, Formbook, njRAT and others.

Propagation Via Microsoft Office Attachments

The operators of the WhiteShadow downloader appear to propagate this threat mainly through spam email campaigns. Microsoft Office attachments containing malicious macro scripts seem to be the main infection vector employed in spreading the WhiteShadow malware. To get the victim to allow the macros to run once the attachment is opened, the attackers tend to use various social engineering methods. If you fall for the deception of the WhiteShadow downloader operators, you may end up in a fair bit of trouble.

Uses an MSSQL Server

The WhiteShadow threat has some basic capabilities when it comes to detecting and avoiding sandbox environments. Its obfuscation techniques are not too impressive either. However, the WhiteShadow downloader, unlike most threats of this type, does not download its binary from a remote server set up by its operators. Instead, it establishes a connection with a Microsoft SQL database server and sends an SQL query to retrieve an encrypted string. Next, the WhiteShadow threat decrypts the string and archives it in a ‘.PKZip’ file. Then, the archived file is launched, and the threatening payload begins installing on the compromised host.
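As a defensive illustration of the behaviour described above, this added example (not code from the original article or from any vendor tool) scans constructed process network-connection records for processes that reach an MSSQL port on a non-internal address, and rates Office applications doing so as high severity. The log format, host names, addresses, the `find_suspect_mssql` function and the use of the default MSSQL port 1433 are assumptions made for the example.

```python
import csv
import io
import ipaddress

# Assumption: MSSQL's default TCP port; a malicious server may listen elsewhere.
MSSQL_PORTS = {1433}
# Office binaries that can host macros (the infection vector described above).
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "mspub.exe"}
# Assumption: address space treated as internal, where database traffic is expected.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample records (simplified process network-connection events).
SAMPLE_LOG = r"""time,host,image,dest_ip,dest_port
2019-09-02T09:14:07Z,WS-014,C:\Program Files\Microsoft Office\Office16\WINWORD.EXE,203.0.113.45,1433
2019-09-02T09:15:30Z,WS-014,C:\Program Files\Microsoft Office\Office16\WINWORD.EXE,10.0.5.20,1433
2019-09-02T09:20:11Z,APP-01,C:\App\billing.exe,10.0.5.20,1433
2019-09-02T10:02:54Z,WS-022,C:\Users\Public\svc.exe,198.51.100.7,1433
2019-09-02T10:05:19Z,WS-031,C:\Program Files\Microsoft Office\Office16\EXCEL.EXE,203.0.113.45,443
"""


def basename(image):
    """Lower-cased file name of a Windows or POSIX style path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_suspect_mssql(log_text):
    """Return (host, process, dest_ip, severity) for MSSQL traffic leaving the network."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if int(row["dest_port"]) not in MSSQL_PORTS or is_internal(row["dest_ip"]):
            continue  # not MSSQL, or an expected internal database connection
        proc = basename(row["image"])
        # An Office application talking to an external SQL server is the strongest signal.
        severity = "high" if proc in OFFICE_IMAGES else "review"
        hits.append((row["host"], proc, row["dest_ip"], severity))
    return hits


if __name__ == "__main__":
    for hit in find_suspect_mssql(SAMPLE_LOG):
        print(hit)
```

Where workstations have no business reason to reach SQL servers on the Internet, blocking that egress at the perimeter turns the same observation into prevention rather than detection.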

The WhiteShadow Trojan downloader can prove to be a rather nasty pest, as it is likely to be rented out and spread by a variety of con artists worldwide. To reduce the risk of becoming a victim of the WhiteShadow downloader, make sure you update all your software regularly and keep a legitimate anti-malware application installed.
