Telecom Tidbits
Jared's Network and Security Blog

BOLO: Netrepser Espionage Trojan

May 13, 2017 Jared Hall BOLOs, Internet Security, Microsoft Windows, Spy vs. Spy

Netrepser is a JavaScript (JavaScript ≠ Java) Trojan designed for espionage. Bitdefender detected and reported it on May 5, 2017. The Trojan is believed to be of Russian origin and is commonly distributed by email. However, its JavaScript nature suggests that it may also be able to cause infections in web-based “drive-by download” fashion.

Bitdefender asserts that *most* (but not all) victims have been government entities. However, based upon a very recent hack of a local security company, I believe that this Trojan is “in the wild”. One unique characteristic of this Trojan is its use of Nirsoft utilities to steal all kinds of passwords (local and network), and to perform network monitoring and keylogging.

Nirsoft is one of those “White Hat/Black Hat” companies. I use products from Nirsoft to support forensic efforts, although, make no mistake, they are not liked by Bitdefender. Nirsoft themselves provide a listing of password storage locations for popular Windows programs, although it is a little dated.

In the case of this small local company, Nirsoft’s “MailPass View” was likely invoked. Their stolen email credentials were used by IP addresses originating in Ukraine to send out spam and malware. Note that email account usernames and passwords don’t bring great value, but they are aggregated and traded on the “dark web”.
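One way to hunt for the Nirsoft abuse described above is to score process-creation records, as in this added example (not code from this post or from Bitdefender). The field names follow Sysmon's process-creation event, the executable names and export switches are Nirsoft's own, and the script-host parent check and the sample records are assumptions constructed for illustration.

```python
import re

# Executable names NirSoft ships for some of its password-recovery tools.
NIRSOFT_IMAGES = {"mailpv.exe", "webbrowserpassview.exe", "netpass.exe", "mspass.exe"}
# NirSoft tools share switches that save results to a file without showing a GUI.
EXPORT_SWITCH = re.compile(r"(?<!\S)/s(text|comma|tab|html|xml)\b", re.I)
# Assumption: a JavaScript-based Trojan launches its tools from a Windows script host.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return the list of indicators one process-creation record matches."""
    reasons = []
    if basename(ev.get("Image", "")) in NIRSOFT_IMAGES:
        reasons.append("nirsoft-image-name")
    # Version-info company survives a rename of the file on disk.
    if "nirsoft" in ev.get("Company", "").lower():
        reasons.append("nirsoft-version-info")
    if EXPORT_SWITCH.search(ev.get("CommandLine", "")):
        reasons.append("silent-export-switch")
    if reasons and basename(ev.get("ParentImage", "")) in SCRIPT_HOSTS:
        reasons.append("script-host-parent")
    return reasons

def hunt(events, threshold=3):
    """Keep events matching at least `threshold` indicators."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= threshold:
            hits.append((ev["Image"], reasons))
    return hits

# Constructed sample records (not taken from any real incident).
SAMPLE_EVENTS = [
    {"Image": r"C:\Tools\mailpv.exe", "Company": "NirSoft",
     "CommandLine": r"C:\Tools\mailpv.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Users\Public\svc.exe", "Company": "NirSoft",
     "CommandLine": r'"C:\Users\Public\svc.exe" /stext C:\Users\Public\out.txt',
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"Image": r"C:\Windows\System32\robocopy.exe", "Company": "Microsoft Corporation",
     "CommandLine": r"robocopy C:\a D:\b /s", "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for image, reasons in hunt(SAMPLE_EVENTS):
        print(image, reasons)
```

With the default threshold, an analyst opening the tool interactively (two indicators) is not reported, while a renamed copy run silently from a script host is.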

Bitdefender’s Introduction can be found here: https://labs.bitdefender.com/2017/05/inside-netrepser-a-javascript-based-targeted-attack/.

Bitdefender’s Detailed PDF whitepaper can be downloaded here: https://labs.bitdefender.com/wp-content/uploads/downloads/inside-netrepser-a-javascript-based-targeted-attack/.

A locally cached version of Bitdefender’s PDF can be found here.

Temporal Based Intelligence © 2017