Security researchers have been monitoring the activities of a piece of malware identified as Trojan.MyAgent. Based on their analysis, they’ve determined that its main targets are organizations from the defense, chemicals, technology and aerospace industries.
According to FireEye experts, the threat is spread via email as an attachment. In one of the samples they discovered, MyAgent came as an exe file which opened up a PDF document entitled “Health Insurance and Welfare Policy.”
Besides this decoy document, a file called ABODE32.exe was also dropped in the operating system’s Temp folder. It is designed to access Windows Protected Storage, which contains various user passwords, including ones from Outlook and Internet Explorer. The component also accesses the Credentials Store, which holds sensitive details as well.
Then, it attempts to connect to a command and control server whose details are hard coded inside the binaries.
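As an added example (not from FireEye's analysis or the original article), the behaviour described above can be expressed as a correlation over endpoint telemetry: one executable writes both a PDF decoy and an .exe into Temp, and the dropped binary later opens a network connection. The event schema, the `policy.exe` attachment name, the user path and the address are constructed for illustration.

```python
import ntpath

# Constructed sample telemetry as (type, actor, target) tuples. The schema is
# hypothetical; map it to whatever your EDR or Sysmon pipeline emits.
TEMP = r"C:\Users\a\AppData\Local\Temp"
DROPPER = r"C:\Users\a\Downloads\policy.exe"   # constructed attachment name
EVENTS = [
    ("file_create", DROPPER, TEMP + r"\Health Insurance and Welfare Policy.pdf"),
    ("file_create", DROPPER, TEMP + r"\ABODE32.exe"),
    ("process_create", DROPPER, TEMP + r"\ABODE32.exe"),
    ("net_connect", TEMP + r"\ABODE32.exe", "203.0.113.10:443"),
    # Benign contrast: an installer unpacks a helper into Temp, no decoy document.
    ("file_create", r"C:\Users\a\Downloads\setup.exe", TEMP + r"\helper.exe"),
]

def ext(path):
    """Lower-cased extension of a Windows path, on any host OS."""
    return ntpath.splitext(path)[1].lower()

def in_temp(path):
    """True if any parent directory of the file is named Temp."""
    parts = path.lower().replace("/", "\\").split("\\")
    return "temp" in parts[:-1]

def find_dropper_chains(events):
    """Flag executables that write a PDF and also drop an .exe into Temp."""
    decoys, dropped, talkers = {}, {}, set()
    for kind, actor, target in events:
        actor = actor.lower()
        if kind == "file_create" and ext(target) == ".pdf":
            decoys.setdefault(actor, []).append(target)
        elif kind == "file_create" and ext(target) == ".exe" and in_temp(target):
            dropped.setdefault(actor, []).append(target)
        elif kind == "net_connect":
            talkers.add(actor)
    findings = []
    for actor in sorted(decoys.keys() & dropped.keys()):
        for exe in dropped[actor]:
            findings.append({
                "dropper": actor,
                "decoy": decoys[actor][0],
                "dropped": exe,
                # Did the dropped binary itself make an outbound connection?
                "beaconed": exe.lower() in talkers,
            })
    return findings

if __name__ == "__main__":
    for f in find_dropper_chains(EVENTS):
        print(f)
```

The rule keys on behaviour rather than on the file name, so it still fires if a variant drops its payload under a different name.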
Fortunately, at the time when this article was written, most antivirus solutions had no trouble identifying both the dropper and the malicious exe file as posing a threat.
On the other hand, MyAgent is an advanced piece of malware that is capable of changing the way in which its payload is installed, and there are some binaries that remain undetected by many security vendors.
This is why we recommend that users ensure their security products are up to date. We also advise internauts to keep an eye out for any suspicious PDF documents that may be attached to unsolicited emails.