Cyber security sleuths have alerted Indian Internet users to destructive phishing attacks by the ‘Golroted’ virus, which could compromise personal email and banking-related data.
The virus, identified as ‘Golroted’, belongs to the deadly ‘Trojan’ category of computer viruses, which is characterised by its ability to mask its original content and appear genuine.
“It has been reported that variants of a new malware family, dubbed as Golroted, having spyware functionalities are spreading. These malware typically spread through spear phishing mails having attachments as zipped archives or Microsoft Office document exploits or via removable drives,” the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to domestic Internet users.
CERT-In is the nodal agency to combat hacking and phishing and to fortify security-related defences of the Indian Internet domain.
The agency said that once the virus infects a system successfully, it is capable of stealing Personally Identifiable Information (PII) from the affected machine, including the computer name, local date or time, Internet Protocol address and installed security software, among other private and sensitive system details.
The virus is notorious for undertaking specific attacks with regard to banking and financial transactions, ultimately leading to loss of funds kept in the bank account.
“Golroted is reported as targeting banking sites, online payment sites, email accounts, social networking sites, among others. The stolen information is exfiltrated to a pre-configured File Transfer Protocol server/web panels or to email addresses as attachments,” it said.
The agency said at least two aliases or pseudo-identities of the virus have been detected so far.
“The spyware is capable of logging keystrokes, capturing screenshots, scraping web browsers for saved passwords, browsing history, etc.,” it said.
The agency has suggested some counter-measures in this regard.
Do not allow administrative access to systems, with the exception of special administrative accounts for administrators; do not download or open attachments in emails received from untrusted sources or unexpectedly received from trusted users; do not visit untrusted websites; and enable a firewall at gateway or desktop level.
The agency also said that vulnerable systems, which the virus could target, should have anti-malware engines installed, be scanned with them, and keep them up to date.
Do not follow unsolicited web links or attachments in email messages, limit or eliminate the use of shared or group accounts, turn off file sharing if not needed and disable the “save credentials” feature in browsers: these are some of the other counter-measures suggested by the agency.