The Trojan encrypts files with a Blowfish algorithm, making them difficult to recover

Sep 19, 2012 07:29 GMT

Malware can be developed in almost any programming language. A perfect example is the Encriyoko Trojan, some of whose components are written in Go, a programming language introduced by Google at the end of 2009.

According to experts from Symantec, the threat works much like a piece of ransomware, searching infected machines for various file types and encrypting them.

It all starts with a file called GalaxyNxRoot.exe – written in .NET – advertised as an application that can be utilized to root Android phones.

Once it is executed, the dropper writes two additional files, PPSAP.exe and adbtool.exe, both written in Go. The first collects information about the infected system, including the MAC address, usernames and process details.

Adbtool.exe is designed to download an encrypted file containing a dynamic-link library (DLL). This DLL, detected as Trojan.Encriyoko, is the component that encrypts source code, images, archives, documents, audio and other files.
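The infection chain above gives a defender one concrete telemetry pattern: a single process writing both Go-built components to disk. The following Go program, an added example that is not part of the article or of Symantec's analysis, runs a hypothetical rule of that shape over constructed file-creation events; the event format and the `FindDroppers` function are assumptions for this illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Event is a constructed, Sysmon-style record: action kind, acting process image, target path.
type Event struct{ Kind, Actor, Target string }
// Go-built components the article says the .NET dropper writes to disk.
var components = map[string]bool{"ppsap.exe": true, "adbtool.exe": true}
// base returns the lower-cased file name of a Windows or POSIX path.
func base(p string) string {
	return strings.ToLower(p[strings.LastIndexAny(p, `\/`)+1:])
}

// FindDroppers returns, sorted, the image names of processes that wrote every
// entry of components (the drop pattern attributed to GalaxyNxRoot.exe).
// Hypothetical rule for this example, not Symantec's own detection logic.
func FindDroppers(events []Event) []string {
	written := map[string]map[string]bool{} // actor -> component names it wrote
	for _, e := range events {
		actor, name := base(e.Actor), base(e.Target)
		if e.Kind != "file_create" || !components[name] {
			continue
		}
		if written[actor] == nil {
			written[actor] = map[string]bool{}
		}
		written[actor][name] = true
	}
	var hits []string
	for actor, names := range written {
		if len(names) == len(components) {
			hits = append(hits, actor)
		}
	}
	sort.Strings(hits)
	return hits
}

func main() {
	// Constructed sample events, not real logs.
	events := []Event{
		{"file_create", `C:\Users\u\Downloads\GalaxyNxRoot.exe`, `C:\Temp\PPSAP.exe`},
		{"file_create", `C:\Users\u\Downloads\GalaxyNxRoot.exe`, `C:\Temp\adbtool.exe`},
		{"file_create", `C:\Windows\explorer.exe`, `C:\Temp\adbtool.exe`}, // one component only
	}
	fmt.Println(FindDroppers(events)) // [galaxynxroot.exe]
}
```

Matching on file names alone is brittle, so in practice this rule would be one signal among others (the process that wrote the files also reaching out to download the encrypted DLL, for instance).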

Because the files are encrypted with the Blowfish algorithm, recovering them without the key is nearly impossible.