CowerSnail is a backdoor trojan developed by the same group that targeted Linux servers using the SambaCry vulnerability. It is written with Qt, a framework typically used for developing cross-platform applications. The trojan targets Windows computers and, as of July 2017, is used only as a backdoor because it contains only basic functionality. Its capabilities include receiving updates, executing any command, installing and uninstalling CowerSnail as a service, and collecting the following information: timestamp, installed operating system type, operating system name, host name, network interface information, core processor architecture, and physical memory information. Researchers found indications suggesting the authors may plan to add support for the IRC protocol. Malware developers use the IRC protocol to control infected hosts, a technique often employed for botnets.

Technical Details

  • Securelist provides technical analysis on the CowerSnail trojan, available here.