June 24, 2016
A joint effort by several infosec researchers has uncovered more details about a mysterious new malware variant that surfaced in recent weeks.
Named DELoader because it has only been seen targeting users in German-speaking (DE) countries such as Germany and Austria, the trojan is a malware dropper, also called a malware loader: its sole purpose is to fetch and run (“drop/load”) other malware families on the systems it infects.
DELoader’s C&C server wasn’t secured, so researchers took a peek
While analyzing the malware, researchers identified its C&C server: the IP address DELoader connects to in order to request new instructions, or the download URLs of the payloads it must fetch for the second phase of the infection.
While examining this C&C server, one researcher stumbled upon directories whose listings were exposed to the Internet (so-called open directories). There he found a log containing the IP addresses of all the targets infected with DELoader.
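The kind of triage a researcher does against an exposed panel like this, written as an added example (not the researchers' tooling and not derived from the real DELoader server): detect that a response is an autoindex page, list the files it exposes, and then pull unique victim IPs out of the leaked log. The article does not say what the server or the log looked like, so the HTML below assumes an Apache/nginx-style "Index of" listing and the log assumes one check-in per line with the victim IP as the first field; both samples are constructed. RFC 5737 documentation addresses stand in for public victim IPs, which is why the filter lists RFC 1918, loopback and link-local ranges explicitly instead of relying on `ipaddress.is_global`, which would also reject the documentation ranges.

```python
"""Triage of an exposed C&C open directory and the victim log it leaked.

Added example, not code from the article or the researchers. Assumptions:
the server returned an Apache/nginx-style autoindex page, and the leaked
log has one line per victim check-in with the victim IP as its first
field. SAMPLE_LISTING and SAMPLE_LOG are constructed sample data.
"""
import ipaddress
import re
from collections import Counter
from html.parser import HTMLParser

# Constructed: an Apache "Options +Indexes" directory with no index.html.
# nginx "autoindex on" produces the same "Index of ..." <title>.
SAMPLE_LISTING = """<html><head><title>Index of /panel/logs</title></head>
<body><h1>Index of /panel/logs</h1><pre>
<a href="../">../</a>
<a href="bots.log">bots.log</a>   24-Jun-2016 09:12   188K
<a href="tasks.txt">tasks.txt</a>   23-Jun-2016 17:40   1.2K
</pre></body></html>"""

# Constructed: one check-in per line, IP first. Deliberately includes noise
# a real log carries: a LAN address (the operator hitting the panel), a
# malformed octet, and repeat check-ins from the same victim.
SAMPLE_LOG = """\
203.0.113.17 2016-06-23T08:01:12 GET /gate.php?id=0001
203.0.113.17 2016-06-23T09:01:15 GET /gate.php?id=0001
198.51.100.42 2016-06-23T08:05:44 GET /gate.php?id=0002
192.168.1.10 2016-06-23T08:06:00 GET /panel/index.php
300.1.1.1 2016-06-23T08:06:01 GET /gate.php?id=bad
198.51.100.7 2016-06-24T01:11:09 GET /gate.php?id=0003
"""


class _IndexParser(HTMLParser):
    """Collect the <title> text and every href on an autoindex page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.hrefs = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def open_directory_entries(html):
    """Return the file names listed if `html` is an autoindex page, else []."""
    p = _IndexParser()
    p.feed(html)
    if not p.title.strip().startswith("Index of"):
        return []
    # Drop the parent-directory link and any absolute or sort-order links.
    return [h for h in p.hrefs
            if h not in ("../", "/") and not h.startswith(("http", "?"))]


# Addresses that cannot be Internet victims: RFC 1918, loopback, link-local.
_NON_VICTIM = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
_IPV4 = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\b")


def victim_ips(log_text):
    """Unique victim IPv4s with check-in counts; malformed and LAN lines dropped."""
    hits = Counter()
    for line in log_text.splitlines():
        m = _IPV4.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # rejects octets above 255
        except ValueError:
            continue
        if any(ip in net for net in _NON_VICTIM):
            continue
        hits[str(ip)] += 1
    return hits


if __name__ == "__main__":
    print("exposed files:", open_directory_entries(SAMPLE_LISTING))
    victims = victim_ips(SAMPLE_LOG)
    print(f"{len(victims)} unique victims; check-ins per IP: {dict(victims)}")
```

Counting distinct IPs, as the script does, gives a lower bound on victims rather than an exact figure: several infected hosts behind one NAT gateway share a public address, and one host with a dynamic address can appear under several.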