WiryJMPer Dropper Description
Cybersecurity experts have detected a new Trojan dropper in the wild. It goes by the name ‘WiryJMPer’ and, so far, it has been used to deliver one particular malware strain, the NetWire RAT. The purpose of a Trojan dropper is to deliver an embedded payload and to help that payload evade sandboxes and anti-virus engines. Malware developers tend to use a wide range of tricks to increase their Trojan dropper’s odds of beating the security tools their target may use. In the case of the WiryJMPer Dropper, the corrupted file is loaded with junk code, as well as with useless functions that iterate through random sections of the code without doing anything meaningful.
A Basic Dropper Being Used to Deliver a Threatening Remote Access Tool
Despite being able to stay hidden from the eyes of malware researchers for at least a few months, the verdict is that the WiryJMPer Dropper is certainly not a state-of-the-art Trojan. It packs very basic code obfuscation techniques and also applies some social engineering tricks to reduce the victim’s interaction with the software. Currently, the only users infected by the WiryJMPer Dropper and the payload it brings are likely to be users of the ABBC Coin Wallet. This is a legitimate tool, and it will work just fine if you download it from an official and trustworthy source. However, the authors of the WiryJMPer Dropper are hosting bogus copies of the ABBC Coin Wallet that serve as hosts for the Trojan dropper. It is safe to assume that the WiryJMPer Dropper currently targets crypto-currency users.
Crypto-Currency Investors are the Current Targets of the WiryJMPer Dropper
If users execute the fake ABBC Coin Wallet installer on their computers, they may immediately see several program windows flash by in quick succession. It is not known if this behavior is intended or not, but you can rest assured that it will not happen if you run an unaltered copy of the ABBC Coin Wallet. The fake installer will then proceed to launch the legitimate ABBC Coin Wallet installer, but it will also begin loading the NetWire RAT files in the background. During this period, it will also check for the presence of certain strings, processes, and Registry entries associated with the activity of various virtual machine software and anti-virus engines. If the Trojan dropper does not detect a sandbox environment or the presence of malware analysis tools, it will proceed to drop the NetWire RAT’s files to ‘%APPDATA%’ and then place an ‘.LNK’ file in the Startup folder to gain persistence.
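A defender's check for the persistence described above, as an added example that is not part of the original page: this PowerShell snippet lists every .LNK in the current user's and all-users Startup folders, resolves its target, and flags targets that sit under %APPDATA%. Checking %LOCALAPPDATA% as well and reporting signature status and SHA-256 are assumptions of this example; the page gives no file names or hashes to match against.

```powershell
# Added example: triage Startup-folder shortcuts that point into AppData.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# %APPDATA% is the drop location the page names; %LOCALAPPDATA% is an
# assumption added by this example to widen the check.
$watchRoots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

# WScript.Shell can read a shortcut's target without launching it.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -File -Force | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = [Environment]::ExpandEnvironmentVariables([string]$lnk.TargetPath)
        $exists = $target -and (Test-Path -LiteralPath $target -PathType Leaf)

        # Case-insensitive prefix match against each watched root.
        $inAppData = $false
        foreach ($root in $watchRoots) {
            if ($target.StartsWith($root + '\', [StringComparison]::OrdinalIgnoreCase)) {
                $inAppData = $true
            }
        }

        [pscustomobject]@{
            Shortcut  = $_.FullName
            Created   = $_.CreationTime
            Target    = $target
            Arguments = $lnk.Arguments
            InAppData = $inAppData
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'TargetMissing' }
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash } else { $null }
        }
    }
}

# Shortcuts resolving into AppData are listed first for review.
$findings | Sort-Object InAppData -Descending | Format-List
```

A shortcut flagged `InAppData` is not proof of infection, since legitimate software also starts from AppData; an unsigned target with a recent creation time that the user does not recognize is the combination worth investigating.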
It is likely that the WiryJMPer Dropper will be used in future campaigns that may rely on a different malware strain. At the moment, it is recommended to protect yourself from this threat by using a state-of-the-art anti-virus software suite and by not downloading files from untrustworthy sources.