August 16, 2016 By Douglas Bonderud 2 min read

With such a massive install base, it’s no surprise that the occasional Trojan makes its way through Windows defenses to target users. As noted by Softpedia, however, a new, info-stealing Windows Trojan has emerged, and this one is after enterprise data.

Targeting files specific to the corporate environment, the malware looks to grab everything from passwords to financial data and then send this data to a command-and-control (C&C) server. Even more worrisome, while 34 out of 55 antivirus programs could detect the new attack, none of them properly identified the threat.

Here’s a look at the latest malware to saddle up and chase corporate secrets.

Windows Trojan Swipes Enterprise Data

While there’s not much data on the distribution method of these attacks, it looks like at least some cybercriminals are using a file named Aug_1st_jave.exe to spread their new code. According to BleepingComputer, which first identified the new Windows Trojan, once installed, the malware adds a registry entry so that it runs on startup and then injects itself into an active process, such as Google Chrome.

Next, it starts scanning victim PCs and sends back data including the computer name, username, Windows version, installed service pack details and the list of programs found in specific registry keys. Once a solid C&C connection is established, the Trojan looks for certain file extensions.

Data is then sent back to the C&C server. In many cases, companies aren’t aware that any intellectual property has gone missing, let alone that it is being sold on the Dark Web for cash. While the BleepingComputer team tracked down a compromised website hosting a hidden iframe and prompted its owner to clean up the domain, the original C&C server is still up and running.
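The persistence step described above (an autostart entry in the registry) is one of the few behaviours a defender can check for directly. The following PowerShell audit is an added example, not code from the article or from any of the researchers it cites: it lists the Run/RunOnce autostart entries on a host and flags the ones worth a closer look. The file name Aug_1st_jave.exe comes from the article; the remaining heuristics (missing target, unsigned binary, user-writable directory) are assumptions of this example.

```powershell
# Added example: audit Windows autostart (Run/RunOnce) keys for suspicious entries.
# Aug_1st_jave.exe is the file name reported in the article; all other heuristics are assumed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$knownBadNames = @('Aug_1st_jave.exe')   # from the article

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # skip provider metadata (PSPath etc.)
        $cmd = [string]$p.Value
        # Pull the executable path out of the command line: quoted path or first token.
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($cmd -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $signed = $false
        if ($exists) {
            # Authenticode status 'Valid' means a trusted, intact signature.
            $signed = (Get-AuthenticodeSignature -FilePath $exe).Status -eq 'Valid'
        }

        $reasons = @()
        if ($knownBadNames -contains [IO.Path]::GetFileName($exe)) { $reasons += 'known file name' }
        if (-not $exists) { $reasons += 'target missing' }
        elseif (-not $signed) { $reasons += 'unsigned' }
        if ($exe -match '\\(Temp|Downloads|AppData\\Local\\Temp)\\') { $reasons += 'user-writable dir' }

        [pscustomobject]@{
            Key     = $key
            Entry   = $p.Name
            Command = $cmd
            Reasons = ($reasons -join ', ')
        }
    }
}

# Only entries that tripped at least one heuristic are shown; review them before removing anything.
$findings | Where-Object { $_.Reasons } | Format-Table -AutoSize
```

An entry that is unsigned or points at a missing file is not proof of infection, but it is the kind of autostart a Trojan like this creates and deserves a manual look.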

Trojan Triple Threat

This isn’t the only Trojan threat to hit Windows users in recent weeks. As noted by The Next Web, a piece of malware supposedly created by cybercriminals calling themselves PeggleCrew has been making the rounds. Surprisingly, the source is app download site FossHub, which prides itself on “no adware, no spyware, no bundles, no malware.”

The new code acts like a circa-1990 virus by overwriting the victim PC’s master boot record. An attacker claiming to be from PeggleCrew said FossHub left a network service open and unauthenticated, allowing them access.

The boot Trojan isn’t hard to fix with a Windows recovery CD. Still, it’s clear that Windows Trojans remain a real problem.

Defender Does Double Duty

The problem is so real, in fact, that the Windows Defender tool has been busy detecting Trojan threats other antivirus programs apparently can’t see, according to Windows Report.

A number of users have reported up to 10 Trojan warnings per day. These users said that Defender isn’t actually removing the threats and occasionally asks them to reboot their computers; even after a full clean, the warning cycle starts again.

There’s no word from Microsoft on the issue, but a clean install is recommended. The behavior seems suspiciously like a legitimate service that’s been compromised by an outside actor.

Minor threats are par for the course, but more sophisticated attack vectors are on the rise as cybercriminals recognize the value of infiltrating corporate networks and exfiltrating critical data. They’re no longer horsing around with personal PC compromise; expect a run on enterprise entries and data disruptions.
