To make sure a process continues in between system reboots, the malware component "Updater" registers it in the Windows process Scheduler. As per researchers, the compromised system has the following kinds of malware installed on it:

• Orcus RAT: It has complete remote control capabilities, such as keylogging, webcam access, screen capture, and system modification for data exfiltration.
• XMRig: A cryptocurrency miner that mines Monero using system resources. To prevent discovery, it stops mining when the victim is using a lot of resources, as while they are gaming.
• 3Proxy: Enables attackers to redirect malicious data by opening port 3306 and injecting it into legitimate processes, turning compromised systems into proxy servers.
• PureCrypter: Ensures that the system is always infected with the newest threats by downloading and executing extra malicious payloads from outside sources.
• AntiAV: By altering its configuration files, AntiAV interferes with and disables security software, making it inoperable and leaving the system open to attack from other components.

The 'Updater' module, which runs when the system boots up, will reintroduce the malware even if the user finds and deletes any of them. Users should generally stay away from pirated or cracked software and use caution when installing files they download from questionable sources.

The STOP ransomware, which is currently the most active ransomware operation targeting consumers, has been distributed using similar operations. These files are frequently used to infect systems with malware—in this example, a whole set—because they are not digitally signed and users are willing to disregard antivirus warnings when launching them.

Impact

• Cryptocurrency Theft
• Security Bypass
• Unauthorized Remote Access
• Keylogging

Indicators of Compromise

Remediation

• Block all threat indicators at your respective controls.
• Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
• Be vigilant when downloading software and double-check the URL to see if it is legitimate.
• Never download software from untrusted sources.
• Download apps only from official app stores like Google Play Store or Apple App Store. Avoid downloading apps from third-party websites or unofficial sources.
• Review the permissions requested by apps before installing them. Be cautious of apps that request unnecessary permissions or access to sensitive data.
• Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
• Keep your operating system and apps up-to-date with the latest security patches and updates.
• Enable antivirus and anti-malware software and update signature definitions on time. Using multi-layered protection is necessary to secure vulnerable assets.
• Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.
• Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
• Be cautious of unsolicited messages, emails, or links, especially from unknown or suspicious sources. Avoid clicking on suspicious links or downloading attachments from untrusted sources.
• Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
• Regularly backup your data to a secure location, such as a cloud storage service or external hard drive.
• Develop and regularly update an incident response plan that outlines the steps to take in case of a security breach. Test the plan through simulations to ensure its effectiveness.