General explanation
Type: Trojan
Degree of destruction: average
Prevalence: high
What is a Trojan?
Trojans are a type of malware that presents itself as benign, legitimate software and behaves like a useful application, but causes considerable damage to the system once executed. Software downloaded from the internet, content embedded in HTML pages, email attachments, and similar channels are the routes Trojans use to enter a system. Unlike viruses and computer worms, Trojans do not self-replicate.
What is Bitpower malware?
This is a fileless Trojan: it hides in the victim's system registry and starts its operation at every system boot. Its ultimate goal is mining cryptocurrency, which consumes a share of the system's CPU and slows other processes. The malware also serves as a foothold for downloading further malware onto the victim's system.
Technical explanation
Signs of infection
The two following registry paths will be viewed in the victim’s system:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "{FCDBC6CB-021E-4264-863A-7E25BD96BA88}"="\"[SystemRoot]:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\\Software\\Classes\\jjBzwMoUbmI').PHEMCHC)));"
- [HKEY_CURRENT_USER\Software\Classes\jjBzwMoUbmI]
  "PHEMCHC"=
  "{FCDBC6CB-021E-4264-863A-7E25BD96BA88}"=hex:
  "{0DCA5441-C293-47C8-8351-B413298DCC80}"=hex:22,51,9a,64,dc
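The launch pattern above (a Run value that starts a hidden PowerShell with execution policy bypassed and feeds it a base64 blob read from another registry value) can be audited with the following script. It is an added example written for this page, not code from the Padvish advisory; it matches on the launch pattern rather than on the exact GUID and class-key names, since those vary between infections, and it only decodes the staged payload for inspection, never executes it.

```powershell
# Added example: audit HKCU Run entries for the fileless launcher pattern and
# decode (not run) the base64 script it references, so an analyst can inspect it.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$pattern = 'powershell.*(-WindowStyle\s+hidden|-ep\s+bypass|FromBase64String|\biex\b)'

# Captures the "(gp 'HKCU:\Software\Classes\<key>').<ValueName>" reference.
$refRegex = "\(gp\s+'(?<key>HKCU:\\[^']+)'\)\.(?<value>\w+)"
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($props) {
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }   # provider metadata, not Run values
        $cmd = [string]$p.Value
        if ($cmd -notmatch $pattern) { continue }

        Write-Output "Suspicious Run entry: $($p.Name)"
        Write-Output "  Command: $cmd"

        if ($cmd -match $refRegex) {
            # Live registry data holds single backslashes; .reg exports double them.
            $key = $Matches['key'].Replace('\\', '\')
            $val = $Matches['value']
            $blob = (Get-ItemProperty -Path $key -Name $val -ErrorAction SilentlyContinue).$val
            if ($blob) {
                try {
                    $decoded = [Text.Encoding]::ASCII.GetString([Convert]::FromBase64String($blob))
                    Write-Output "  Staged script in $key\$val ($($decoded.Length) chars), first 400:"
                    Write-Output ($decoded.Substring(0, [Math]::Min(400, $decoded.Length)))
                } catch {
                    Write-Output "  Value $val in $key is not valid base64: $_"
                }
            }
            # After confirming the finding, remove both the launcher and the stage:
            # Remove-ItemProperty -Path $runKey -Name $p.Name
            # Remove-Item -Path $key -Recurse
        }
    }
}
```

The same pattern should be checked under HKLM's Run key as well; a hit there indicates the infection ran with administrative rights.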
How to deal with it and disinfect the system
The following measures are recommended to keep the system from infection:
- Disabling and limiting the execution of unnecessary scripts:
An increasingly common technique in malware is the use of small tools or scripts (WSF, VBS, JS, SCR, PS1 and the like) as the initial stage of infection. Because email service providers restrict the sending of executable files, and in order to evade signature-based antivirus, attackers turn to such small tools and obfuscated scripts.
- Informing and training users to avoid dangerous behaviors:
Users should receive effective training to avoid dangerous behaviors such as opening email attachments, visiting unknown sites by clicking on suspicious links, and obtaining files from unauthorized sources (downloading software, game crack files, version updates, etc. from unauthorized sources can cause infection).
- Continuous update of antivirus:
Our recommendation to you is Padvish Antivirus: its registry scanner can easily remove the malware described above from the registry and disinfect the system.