Asruex is a trojan that first appeared in 2015. It uses malicious shortcut files to download a payload hidden in an image file in order to compromise corporate networks. A new variant of Asruex specifically uses old Microsoft Office and Adobe vulnerabilities (which may not have been patched yet) to infect systems, conducting remote code execution attacks and causing denial of service. Attack vectors include the misuse of stolen certificates, the use of .HTA files, and the infiltration of hotel Wi-Fi networks.

Technical Details

  • ZDNet provides a technical analysis of the Asruex trojan, available here.