Upclicker Uses Left Mouse Button to Execute Malicious Code When No One Is Looking

The method is used to protect the Trojan against being analyzed

By Eduard Kovacs on December 14th, 2012 15:31 GMT

Experts have identified a Trojan that relies on a mouse hooking function to evade sandbox environments.

Cybercriminals are aware of the fact that automated analysis systems don’t use the mouse, so they’ve developed their creations so that they step into play only when mouse movement is detected.

The Trojan analyzed by FireEye, Upclicker, is interesting because the malicious code is executed only after the user clicks the left mouse button and releases it.

Upclicker establishes malicious communication only when this particular action is performed.

A detailed technical analysis of this particular Trojan is described on FireEye’s blog.

A couple of months ago, experts from Symantec identified a similar Trojan which relied on mouse actions to determine whether or not it was being monitored by security experts.
Upclicker mouse hooking function
   Upclicker mouse hooking function
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments