Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘man-in-the-browser’
September 25th, 2013

Win32/64:Napolar: New Trojan shines on the cyber crime-scene

In recent weeks, malware samples resolved as Win32/64:Napolar from AVAST’s name pools generated a lot of hits within our file and network shields. Independently, we observed an advertising campaign of a new Trojan dubbed Solarbot that started around May 2013. This campaign did not run through shady hacking forums as we are used to, but instead it ran through a website indexed in the main search engines. The website is called http://solarbot.net and presents its offer with a professional looking design:

_napolar_intro

For the Win32/64:Napolar Trojan, the pipe used to inter-process communication is named \\.\pipe\napSolar. Together with the presence of character strings like “CHROME.DLL,” “OPERA.DLL,” “trusteer,” “data_inject,” and features we’ll mention later, we have almost no doubts that the Trojan and Solarbot coincide. Let us look at some analysis.

Read more…