Recently, a new strain of malware called “SquirtDanger” has been found by researchers at Palo Alto Networks Unit 42, and it’s a particularly nasty one for a couple of reasons. First and foremost, the owner of the malware isn’t orchestrating campaigns himself, but rather, selling his product as a commodity on the Dark Web.
That has troubling implications because the malware is quite advanced, and since it’s being sold to a broad cross-section of hackers, odds are excellent that it will be used in numerous campaigns that could affect a number of industries.
As for the software itself, it gives the hackers who purchase it a vast array of tools. It communicates back to its controller every minute, giving the hackers who use the malware a tremendous amount of usable data.
Among other things, SquirtDanger can take live-action screen shots of an infected device, steal passwords, and send, receive, or delete files on the target system. It can also swipe directory information and drain the contents of cryptocurrency wallets, making it something of a “Jack-of-All-Trades” malware.
Also, there’s no single attack vector being used to infect machines with SquirtDanger. According to the research team, the most common means of infection is that the malware is disguised as a piece of legitimate software and installs when the poisoned executable file is run.
Researchers from Unit 42 had this to say on the matter: “Being infected with any type of malware represents significant danger to an individual or victim. However, because of the large list of capabilities this malware family includes, it would certainly be very bad for the victim.”
At latest count, the researchers have discovered 1,277 unique SquirtDanger samples in the wild, tied to 119 unique command and control servers that were widely geographically dispersed. Odds are, there are many more samples that have yet to be discovered. Be on your guard, it doesn’t appear that this threat will abate anytime soon.