Zyklon Malware can Recover Passwords and License Keys
The Zyklon malware has been around since early 2016 and it is a nasty bit of business. It mostly arrives as a zip file (if you are not blocking zip attachments at your inbound mail gateway, you should do that now). Assuming it gets in and the user opens the zip file, it uses three different Microsoft Office exploits to gain a foothold on the user's system.
It is able to steal license keys or serial numbers (I assume to resell on the black market) from 200 popular software programs. It can also steal passwords from a number of popular browsers (the downside of the convenience of having your browser save your passwords).
It can steal email passwords from popular programs like Thunderbird, Outlook Express, GMail Notifier and a bunch of others.
It can also steal FTP passwords from a number of programs such as Filezilla and Dreamweaver.
As a competitive advantage, the malware is sold to hackers at several different license levels, from $75 on up, depending on what features the hacker wants to buy. Perhaps the hacker buys it at the entry level, uses it to steal passwords, sells the passwords and upgrades his or her license.
Oh, yeah, it can auto-update and download more modules/features if the hacker has bought those features.
This is a full featured pile of dog poop.
The best bet for avoiding this is blocking attachments, a good advanced anti-malware solution and, most importantly, an aggressive cyber security education and anti-phishing program.
Information for this post came from SC Magazine and FireEye’s blog.