
New Malware Takes Screenshots and Steals Your Passwords

May 7, 2018 | June 8th, 2022 | Cybersecurity

Recently, a new strain of malware called “SquirtDanger” has been found by researchers at Palo Alto Networks Unit 42, and it’s a particularly nasty one for a couple of reasons. First and foremost, the owner of the malware isn’t orchestrating campaigns himself, but rather, selling his product as a commodity on the Dark Web.

That has troubling implications because the malware is quite advanced, and since it’s being sold to a broad cross-section of hackers, odds are excellent that it will be used in numerous campaigns that could affect a number of industries.

As for the software itself, it gives the hackers who purchase it a vast array of tools. It communicates back to its controller every minute, giving the hackers who use the malware a tremendous amount of usable data.
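A once-a-minute check-in like the one described above leaves a regular rhythm in proxy or firewall logs. The following Python function is an added example, not code from Unit 42 or from this article; it flags source/destination pairs that connect at a steady interval. The log format, host names, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log: timestamp, source host, destination address.
# Host names, times and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
2018-05-07T09:00:02 ws-014 203.0.113.50
2018-05-07T09:00:10 ws-022 198.51.100.7
2018-05-07T09:00:12 ws-022 198.51.100.7
2018-05-07T09:01:01 ws-014 203.0.113.50
2018-05-07T09:02:03 ws-014 203.0.113.50
2018-05-07T09:02:30 ws-014 198.51.100.7
2018-05-07T09:03:02 ws-014 203.0.113.50
2018-05-07T09:04:02 ws-014 203.0.113.50
2018-05-07T09:05:01 ws-014 203.0.113.50
2018-05-07T09:07:45 ws-022 198.51.100.7
2018-05-07T09:08:01 ws-022 198.51.100.7
2018-05-07T09:31:20 ws-022 198.51.100.7
2018-05-07T09:31:22 ws-022 198.51.100.7
2018-05-07T09:40:00 ws-014 198.51.100.7
"""

def find_beacons(log_text, period=60, tolerance=5, min_events=5, min_regular=0.8):
    """Return (src, dst, median_gap_seconds) for pairs with a steady ~period rhythm."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, src, dst = parts
        times[(src, dst)].append(datetime.fromisoformat(ts))
    hits = []
    for (src, dst), stamps in sorted(times.items()):
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Share of gaps within +/- tolerance seconds of the expected period;
        # min_regular below 1.0 tolerates an occasional missed check-in.
        regular = sum(abs(g - period) <= tolerance for g in gaps) / len(gaps)
        if regular >= min_regular:
            hits.append((src, dst, median(gaps)))
    return hits

if __name__ == "__main__":
    for src, dst, gap in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: steady check-ins about every {gap:.0f}s")
```

Bursty, human-driven traffic such as the `ws-022` lines is not flagged, because its gaps do not cluster around the expected period.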

Among other things, SquirtDanger can take live-action screenshots of an infected device, steal passwords, and send, receive, or delete files on the target system. It can also swipe directory information and drain the contents of cryptocurrency wallets, making it something of a “Jack-of-All-Trades” malware.

Also, there’s no single attack vector being used to infect machines with SquirtDanger. According to the research team, the most common means of infection is the malware being disguised as a piece of legitimate software, so that it installs when the poisoned executable file is run.

Researchers from Unit 42 had this to say on the matter: “Being infected with any type of malware represents significant danger to an individual or victim. However, because of the large list of capabilities this malware family includes, it would certainly be very bad for the victim.”

At latest count, the researchers have discovered 1,277 unique SquirtDanger samples in the wild, tied to 119 unique command and control servers that were widely dispersed geographically. Odds are, there are many more samples that have yet to be discovered. Be on your guard; it doesn’t appear that this threat will abate anytime soon.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds the Microsoft MCSE, VMware VCP, and Cisco CCNA certifications. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.