In August, Bleeping Computer discovered a previously unrecognized information-stealing trojan, later dubbed Shakti by Malwarebytes. The trojan harvests documents from infected systems and uploads them to a server controlled by the attackers. On execution, Shakti establishes persistence by adding a registry entry that launches it at every login, then injects itself into an already running process such as a web browser, so that its activity and network traffic appear to come from that process. It then begins sending data to its command-and-control (C2) server using Windows Message Queuing (MSMQ) carried over HTTP. The C2 domain was registered in India, which suggests, though does not prove, that the operators are India-based. Based on artifacts in the samples, Malwarebytes believes the trojan was written in 2012, before Windows 8 was released, and was most likely built for small-scale corporate espionage.
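The persistence technique described above, an autostart entry under a Run key, is easy to triage on a suspect host. The following is an added example written for this page, not code from the Malwarebytes or Bleeping Computer write-ups, and it contains no Shakti indicators: it lists the classic HKCU/HKLM Run and RunOnce entries and flags any whose target executable lives outside Program Files or the Windows directory, is missing on disk, or carries no valid Authenticode signature. The key list and the trusted-directory list are assumptions of the example and can be extended.

```powershell
# Added triage example: enumerate autostart-on-login Run keys and flag suspicious targets.
# Not taken from the original write-ups; all paths and names below are generic, not Shakti IOCs.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Directories from which a legitimately installed autostart entry normally runs (assumption).
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Get-CommandPath {
    # Extract the executable path from a Run-key command line, expanding %VARS% first.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($expanded.StartsWith('"')) {
        $close = $expanded.IndexOf('"', 1)
        if ($close -gt 1) { return $expanded.Substring(1, $close - 1) }
    }
    # Unquoted: take up to and including the first script/binary extension, else the first token.
    $m = [regex]::Match($expanded, '^(.+?\.(exe|dll|cmd|bat|vbs|js|ps1))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($expanded -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the registry provider's own metadata fields
        $path  = Get-CommandPath $p.Value
        $lower = $path.ToLowerInvariant()
        $inTrusted = @($trustedRoots | Where-Object { $lower.StartsWith($_) }).Count -gt 0
        $exists    = Test-Path -LiteralPath $path -PathType Leaf

        $reasons = @()
        if (-not $inTrusted) { $reasons += 'target outside Program Files / Windows' }
        if (-not $exists)    { $reasons += 'target missing on disk' }
        if ($exists) {
            # Unsigned or tampered binaries in autostart are worth a closer look.
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Target  = $path
                Reasons = ($reasons -join '; ')
            }
        }
    }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; pipe the output to `Format-Table -AutoSize` or `Export-Csv` when sweeping several hosts. A hit is a lead, not a verdict: plenty of legitimate software installs unsigned helpers under `%APPDATA%`, so pair the output with the file's hash, creation time and the user who wrote the key before concluding anything.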

Technical Details

  • Malwarebytes provides technical details on Shakti, available here.
  • Bleeping Computer provides technical details on Shakti, available here.

One example of the Shakti trojan. Image Source: Bleeping Computer