New August Malware Discovered

Computer security researchers have identified a new malware known as August which infects users via Microsoft Word documents and Powershell scripts.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

The August Malware Is A Dangerous Threat

Malware researchers have uncovered a dangerous new information stealing malware known as August. It infects its targets by infecting Microsoft Office Documents (Word files) that contain dangerous macros and Powershell scripts that lead to fileless infections.

The virus is distributed by a hacker known as TA530 who is famous for creating very personalized campaigns. The August malware is directed mainly against customer service and management staff at various retailer shops. The goal of the hacker is to steal account credentials and sensitive files from the compromised hosts.

The campaigns feature subject lines that reference to specific issues like customer purchases. The contents of the messages are designed in such a way so that they can trick the customer support staff by impersonating issue information placed in a malicious Word document. When it is opened the victims are offered to activate the malicious macro. If this is done a Powershell command is launched which triggers the August malware payload download.

The macros used in the attack campaigns are very similar to those that delivered the Ursnif banking Trojan. The software analysis indicates that it is written using the .NET framework and its developers have used Confuser to obfuscate its code. The security experts noted that the virus can steal and upload files with specific predefined file type extensions to a remote C&C server. In addition to the most popularly used files it can also steal crypto currency wallets including wallets for currencies like Electrum and Bither. The built-in detection module can also determine if security tools like Fiddler and Wireshark are installed on the compromised machines.

The virus has a rich feature set which includes the following capabilities:

  • Stealing of account credentials from FTP applications such as FileZilla, SmartFTP, Total Commander, WinSCP or CoreFTP
  • Stealing of acount credentials from Messenger applications such as PSI, Pidgin, LiveMessenger and others
  • Stealing cookies and passwords from the most popular web browsers and email clients such as Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Outlook
  • August can gather detailed system information and upload it to the remote malicious C&C servers. The data includes the hardware ID, operating system version, account username and etc.
  • The communication can be encrypted using base64 encoding , random key generation, string reversal, character replacement and other methods

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *