Spymel, a new Trojan discovered by Zscaler (a US-based cyber-security vendor), reaches computers through spam emails and remains undetected by security products.
The Trojan is attached to emails as an archive file. Once the archive is downloaded and decompressed, the JavaScript file it contains is executed and downloads and installs the actual malware executable, a .NET binary.
The point is that the archive file itself does not contain the malware, so antivirus products fail to flag the danger. The .NET binary is also not detected, because it is signed with a digital certificate issued by SBO INVEST via DigiCert.
According to Zscaler, Spymel infections were first detected in early December 2015. Zscaler reported the case to DigiCert and had the certificate revoked, but the group behind Spymel quickly updated their certificate.
Spymel can act as a downloader for further malware payloads, take screenshots of the user's desktop, record videos of the desktop, log keystrokes, and upload the stolen data to a remote server.
Spymel is a clear example of how malware can use archive files booby-trapped with JavaScript code, together with digital certificates, to hide from detection.
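As an added illustration, not code from Zscaler's report or from this article, the following Python routine shows one defensive check a mail gateway could apply to the delivery technique described above: it opens an archive attachment, recurses into nested archives, and flags any script file by its final extension, so a double-extension lure such as "Invoice.pdf.js" is still caught. The extension list, the depth limit and the constructed sample archive are assumptions for the example.

```python
import io
import zipfile

# Script types a double-click hands to the Windows Script Host or a shell
# (hypothetical policy list; extend to taste)
SCRIPT_EXTENSIONS = (".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta", ".ps1")
MAX_DEPTH = 3  # nested archives deeper than this are reported instead of opened


def inspect_archive(data: bytes, depth: int = 0, prefix: str = "") -> list:
    """Return findings for script files inside a zip, recursing into nested zips."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"not a valid zip: {prefix or '<attachment>'}"]
    for info in zf.infolist():
        path = prefix + info.filename
        lower = info.filename.lower()
        # Judge by the last extension only: "Invoice.pdf.js" is still a script
        if lower.endswith(SCRIPT_EXTENSIONS):
            findings.append(f"script file: {path}")
        elif lower.endswith(".zip"):
            if depth < MAX_DEPTH:
                findings.extend(inspect_archive(zf.read(info), depth + 1, path + "/"))
            else:
                findings.append(f"nested too deep, not inspected: {path}")
    return findings


def should_quarantine(data: bytes) -> bool:
    """Quarantine when anything suspicious was found (or the archive is unreadable)."""
    return bool(inspect_archive(data))


def build_sample(with_script: bool = True) -> bytes:
    """Construct a zip-in-zip attachment modelled on the Spymel lure (not a real sample)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("readme.txt", "harmless text")
        if with_script:
            z.writestr("Invoice.pdf.js", "// constructed placeholder, no dropper logic\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("attachment.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for finding in inspect_archive(build_sample()):
        print(finding)  # script file: attachment.zip/Invoice.pdf.js
```

An unreadable archive is treated as a finding rather than silently passed, since a gateway that cannot open an attachment cannot vouch for it.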