Win32/Remtasu is a Trojan that steals sensitive information, notably using a keylogger. The latest variant can also open the clipboard and obtain the information the user has stored there. As well as accessing this data, the malicious code can capture keystrokes and store all the information in a file, which is subsequently sent to an FTP server where the cybercriminals can analyse and abuse the victim’s captured data.
In the first weeks of 2016, ESET has witnessed 24 different variants of this family of malicious code being spread. Although the current malware is from the same family as the one encountered last year, the way it’s being spread is different. We are no longer seeing propagation through e-mail; instead, infections come from direct download sites (usually with pirated content). Once a user downloads and executes the infected file, their data is compromised.
ESET warns that although security software can help detect malicious content that tries to download itself (ESET detects the Win32/Remtasu family of malware), being careful about what you click on will always bring further protection against such threats.
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires.