Trojans steal company data in parallel campaigns

Symantec has uncovered a sophisticated Trojan, Backdoor.Egobot, which steals confidential information from Korean companies and from executives doing business with Korea.

October 16, 2013

Sophisticated Trojans Steal Sensitive Company Data in Parallel Campaigns – Info from Symantec

Symantec has uncovered a sophisticated Trojan, Backdoor.Egobot, which steals confidential information from Korean companies and from executives doing business with Korea (including targets from Australia, Russia, Brazil, and the United States). The attackers will often send their victims a spear-phishing email that appears to be from someone they know and that contains malware (see screenshot below). Once the payload has been downloaded, the Trojan is able to do the following:

• Record video and audio
• Take screenshots
• Upload files to a remote server
• Obtain a recent document list

Symantec has also uncovered another Trojan, Infostealer.Nemim, which we believe originates from the same source as Backdoor.Egobot. A component of this Trojan can steal stored account credentials from many applications, including Internet Explorer, Mozilla Firefox, Google Chrome and Microsoft Outlook. Japan and the United States are the main targets of Nemim, followed by India and the United Kingdom.

More information can be found here:
• Backdoor.Egobot: http://www.symantec.com/connect/blogs/backdooregobot-how-effectively-execute-targeted-campaign
• Infostealer.Nemim: http://www.symantec.com/connect/blogs/infostealernemim-how-pervasive-infostealer-continues-evolve