The Trojan is being advertised by its creator on a professional-looking website

Sep 26, 2013 07:52 GMT

Security researchers have come across a new piece of malware. Dubbed Napolar, the threat is designed to steal information, launch distributed denial-of-service (DDoS) attacks, and act as a SOCKS proxy server.

Experts from both ESET and Avast have analyzed the threat. Its developers started advertising the Trojan around May 2013, but the malware became active at the end of July.

Infections have been spotted mainly in South and Central America, in countries such as Colombia, Venezuela, Peru, Argentina, and Mexico. Some victims are also located in Poland, the Philippines and Vietnam.

What’s interesting about the Napolar Trojan is that it’s currently being advertised on a professional-looking website. Its author has named it Solarbot and sells each build for $200 (€150).

According to the Solarbot website, the threat has been developed in Lazarus IDE for Free Pascal. The malware is capable of launching various types of DDoS attacks; grabbing HTTP, HTTPS and SPDY form data from Internet Explorer, Chrome and Firefox; and stealing POP3 and FTP login credentials from most email and FTP clients.

Researchers say that Napolar is distributed via Facebook as files with names such as “Photo_032.JPG_www.facebook.com.exe”. When this file is executed, the victim is presented with several images of attractive young ladies. In the meantime, the Trojan downloader comes into play.
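A defender-side check for the file-naming trick described above, as an added example that is not from the article, ESET or Avast: it flags names that end in an executable extension while embedding a decoy media extension or a host name. The extension lists, indicator labels and sample paths are assumptions chosen for illustration.

```python
import re

# Final extensions that Windows runs directly when the file is opened.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}

# A media/document extension buried inside the name, e.g. ".JPG_" or ".pdf".
DECOY_EXT_RE = re.compile(
    r"\.(jpe?g|png|gif|bmp|pdf|docx?|xlsx?|mp4|avi)(?=[._\- ]|$)", re.I)

# A host name buried inside the name, e.g. "www.facebook.com".
HOST_RE = re.compile(
    r"www\.[a-z0-9-]+\.[a-z]{2,}|[a-z0-9-]+\.(?:com|net|org)(?![a-z0-9])", re.I)


def lure_indicators(path):
    """Return masquerading indicators for one file name (empty list if none)."""
    name = re.split(r"[\\/]", path)[-1].strip()
    stem, dot, ext = name.rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXTS:
        return []  # only names that would actually execute are of interest
    found = []
    if DECOY_EXT_RE.search(stem):
        found.append("decoy_extension")
    if HOST_RE.search(stem):
        found.append("embedded_hostname")
    return found


def triage(paths):
    """Map each flagged path to its indicators, skipping clean names."""
    return {p: hits for p in paths if (hits := lure_indicators(p))}


# Constructed sample input: the first name is the one quoted in the article,
# the rest are made up to show what is and is not flagged.
SAMPLE_NAMES = [
    r"C:\Users\alice\Downloads\Photo_032.JPG_www.facebook.com.exe",
    r"C:\Users\alice\Downloads\invoice.pdf.scr",
    r"C:\Users\alice\Downloads\Photo_032.JPG",
    r"C:\Program Files\7-Zip\7z.exe",
    r"C:\Tools\jpg_converter.exe",
]

if __name__ == "__main__":
    for path, hits in triage(SAMPLE_NAMES).items():
        print(f"{path}: {', '.join(hits)}")
```

The same function can be run over file names taken from download folders, mail attachments or endpoint file-creation events.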

“Since malware has the ability to steal Facebook credentials, its operator can reuse those credentials to send messages from compromised accounts and try to infect the victim’s friends,” ESET Security Intelligence Program Manager Pierre-Marc Bureau noted.

Experts believe the new bot has the potential to become popular among cybercriminals: first, because its creator is openly promoting it on the web; second, because it’s cheap, actively maintained, and easy to use.

The fact that some of its features are similar to those of more notorious pieces of malware, such as ZeuS and SpyEye, could also contribute to its success.