
‘SquirtDanger’ Swiss Army Knife malware steals cryptocurrency, takes screenshots

Palo Alto's Unit 42 researchers identified a new botnet malware family described as “Swiss Army Knife Malware” that was designed by a veteran threat actor and is capable of taking screenshots and draining cryptocurrency wallets.

Dubbed “SquirtDanger,” the malware family likely was created by a Russian hacker using the handle “TheBottle” and delivered via illicit software downloads also known as “Warez,” according to an April 17 blog post.   

The malware is also capable of stealing passwords, deleting malware, sending files, clearing browser cookies, listing processes, killing processes, getting directory information, downloading files, and uploading, deleting and executing files.

“Once run on the system, it will persist via a scheduled task that is set to run every minute,” researchers said in the post. “SquirtDanger uses raw TCP connections to a remote command and control (C2) server for network communications.”
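The persistence detail quoted above (a scheduled task that fires every minute) is something a defender can check for directly. The script below is an added example, not code from Unit 42 or SC Media: it parses Task Scheduler task definitions (the same XML that appears in the TaskContent field of Windows Security event 4698, "A scheduled task was created") and flags any trigger whose repetition interval is one minute or shorter, plus any action that runs a binary from a user-writable location. The sample task definitions, the task names (`\Updater`, `\Microsoft\Windows\Example\DailyCleanup`) and the file paths are constructed for the demonstration and are not indicators from the report.

```python
"""Flag Task Scheduler definitions that repeat at very short intervals.

Added example (not Unit 42's or SC Media's code). It assumes task
definitions in the standard Task Scheduler XML format, which is also what
Security event 4698 carries in its TaskContent field.
"""
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
TASK_NS = "http://schemas.microsoft.com/windows/2004/02/mit/task"

# Constructed sample input: one benign daily task and one hypothetical task
# that repeats every minute and runs a file from a user-writable directory.
SAMPLE_TASKS = {
    "\\Microsoft\\Windows\\Example\\DailyCleanup": (
        f'<Task xmlns="{TASK_NS}"><Triggers><CalendarTrigger>'
        "<StartBoundary>2018-04-17T03:00:00</StartBoundary>"
        "<ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>"
        "</CalendarTrigger></Triggers><Actions><Exec>"
        "<Command>C:\\Windows\\System32\\cleanmgr.exe</Command>"
        "</Exec></Actions></Task>"
    ),
    "\\Updater": (
        f'<Task xmlns="{TASK_NS}"><Triggers><TimeTrigger>'
        "<StartBoundary>2018-04-17T10:00:00</StartBoundary>"
        "<Repetition><Interval>PT1M</Interval>"
        "<StopAtDurationEnd>false</StopAtDurationEnd></Repetition>"
        "</TimeTrigger></Triggers><Actions><Exec>"
        "<Command>C:\\Users\\alice\\AppData\\Roaming\\updater.exe</Command>"
        "</Exec></Actions></Task>"
    ),
}

# ISO 8601 duration as used by <Interval>, e.g. PT1M, PT30S, P1DT2H.
_DUR = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

# Path fragments (lower-cased) that indicate a user-writable location.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")


def iso_duration_seconds(text):
    """Convert an ISO 8601 duration such as PT1M or P1DT2H to seconds."""
    m = _DUR.match(text.strip())
    if not m:
        raise ValueError(f"unsupported duration: {text!r}")
    days, hours, minutes, seconds = (int(x) if x else 0 for x in m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def task_findings(name, task_xml, max_interval=60):
    """Return a list of findings for one task definition.

    A finding is raised when any trigger repeats at max_interval seconds or
    less, or when an Exec action runs a command from a user-writable path.
    """
    root = ET.fromstring(task_xml)
    findings = []
    for interval in root.iterfind(".//t:Repetition/t:Interval", NS):
        secs = iso_duration_seconds(interval.text or "")
        if secs <= max_interval:
            findings.append(f"{name}: repeats every {secs}s")
    for cmd in root.iterfind(".//t:Actions/t:Exec/t:Command", NS):
        path = (cmd.text or "").lower()
        if any(frag in path for frag in USER_WRITABLE):
            findings.append(f"{name}: runs from user-writable path {cmd.text}")
    return findings


def scan(tasks):
    """Scan a mapping of task name -> task XML and collect all findings."""
    out = []
    for name, xml_text in tasks.items():
        out.extend(task_findings(name, xml_text))
    return out


if __name__ == "__main__":
    for line in scan(SAMPLE_TASKS):
        print(line)
```

On a live host the same logic can be fed from `schtasks /query /xml` output or from the TaskContent field of collected 4698 events; the one-minute threshold is deliberately tight so that ordinary maintenance tasks (hourly or daily) do not trigger it.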

The malware's suspected author is a well-known Russian cybercriminal who has been active on global underground marketplaces for years. So far, researchers have spotted 1,277 unique SquirtDanger samples used across multiple campaigns.
