Cross-Platform / Modular Glupteba Malware Uses ManageX

We recently encountered a variant of Glupteba (detected by Trend Micro as Trojan.Win32.GLUPTEBA.WLDR). Glupteba is a trojan type that has been involved with Operation Windigo in the past. We also reported its attacks on MikroTik routers and updates on its command and control (C&C) servers.

With regard to its behavior, the variant shares many similarities with other Glupteba variants. Notable in this newly uncovered strain is the use of ManageX (detected by Trend Micro as Trojan.JS.MANAGEX.A), a type of modular adware that we recently analyzed. This entry also aims to emphasize the modularity and the cross-platform features of Glupteba as seen through the analysis of its code.

Read more…
Source: Trend Micro