It is bad for the web that some developers only test sites against Chrome.

Chromium is an overall nice browser and the best browser for Linux desktops. Graphics and WebGL performance specifically is much, much better.

Chrome/Chromium is well tested by web developers due to its dominant position so there is never an issue with sites not working correctly. Chromium is easy to use and its overall performance is better than other browsers. Linux distributions offer a version of it called Chromium which is basically Chrome without a few Google-specific features.

This week the SonicWall Capture Labs research team received yet another Trojan capitalizing on the current Covid-19 pandemic. As more and more states require citizens to wear masks in public, it was inevitable that malware authors would leverage that current event and prey on the anxiety and fears of the global population.

The Trojan arrives in an archive possibly distributed via spam. Within that archive is a file with the following filename:

Upon execution, it creates a copy of itself in the following directory:

To ensure persistence it adds the following to the registry:

It also adds erroneous registry data under the VB/VBA Program Settings key:

HKCU\Software\VB and VBA Program Settings\Ejakulerdipotassicb6\BANNETMUNDENSA
Name: CATHEXISTROPIKLUFTSPHOTOCOLL
Data: Decelerationdi.

It then spawns a legitimate Windows .NET file, Regasm.exe, to continue its malicious activity. Regasm.exe then peruses the system for internet browsing history, cookies, internet settings and the machineGUID, among many others, and then makes a DNS query to cs58hostneverdie com.

It then establishes an encrypted communication to a remote server:

Interestingly the domain bangborgoth appears to be a local government website in Thailand. Although the legitimacy of the website cannot be determined, it can only be assumed that it might have been compromised.

It continues to peruse the system for more information such as browser profiles from popular web browsers such as Google Chrome, Firefox, UCBrowser, WaterFox, K-Meleon and Comodo IceDragon. It also looks at possible data on FTP clients such as FTP Navigator and FileZilla, and internet mail clients like Rimarts B2 and The Bat!

The following are some of the files that it tried to access:

%AppData%\Roaming\Mozilla\Firefox\profiles.ini
%AppData%\Roaming\Opera Software\Opera Stable
%AppData%\Local\Tencent\QQBrowser\User Data
%AppData%\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
%AppData%\Local\MapleStudio\ChromePlus\User Data
%AppData%\Local\Yandex\YandexBrowser\User Data
%AppData%\Local\360Chrome\Chrome\User Data
%AppData%\Local\CatalinaGroup\Citrio\User Data
%AppData%\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
%AppData%\Local\Sputnik\Sputnik\User Data
%AppData%\Local\Elements Browser\User Data
%AppData%\Local\Epic Privacy Browser\User Data
%AppData%\Roaming\Mozilla\icecat\profiles.ini
%AppData%\Roaming\Mozilla\SeaMonkey\profiles.ini
%AppData%\Roaming\Flock\Browser\profiles.ini
%AppData%\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
%AppData%\Roaming\8pecxstudios\Cyberfox\profiles.ini
%AppData%\Roaming\Moonchild Productions\Pale Moon\profiles.ini
%AppData%\Roaming\Comodo\IceDragon\profiles.ini
%AppData%\Roaming\Thunderbird\profiles.ini
%AppData%\Local\falkon\profiles\profiles.ini
%AppData%\Roaming\Trillian\users\global\accounts.dat
%AppData%\Local\VirtualStore\Program Files\Foxmail\mail\
%AppData%\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
%AppData%\Roaming\Opera Mail\Opera Mail\wand.dat
%AppData%\Roaming\FileZilla\recentservers.xml
%AppData%\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
%AppData%\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
C:\Program Files\jDownloader\config\database.script
C:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT

During this crisis, we urge our users to only use official and reputable websites as their source of information and news. Always be vigilant and cautious when installing software programs, particularly if you are not certain of the source.