DarkAngle trojan masquerades as Panda Cloud AV

08 October 2012

In a new twist to ‘rogueware’, Panda Security has warned that its cloud antivirus product name is being used to mask a particularly unpleasant trojan called DarkAngle. While victims may believe that they are installing anti-malware, they may actually be installing the malware itself.

The trojan in question is DarkAngle, and it does all the nasty things we have come to expect. “This Trojan is designed to steal every piece of information you can have in your computer,” PandaLabs technical director Luis Corrons told Infosecurity. “It can even use the computer's webcam and microphone to record video and audio and send it to the cybercriminals. Not only that, it can download and install new pieces of malware.” “Nothing unusual about this,” he blogged elsewhere, “just one more to add to the more than 73,000 new viruses that appear every day.”

But it does do a bit more. It has its own evasion techniques, can kill processes and reloads itself on re-boot, making it particularly persistent. It also adds over 20Mb of junk data to itself to help avoid cloud scanning (since malware is rarely so large, some AVs don’t scan such large files).

This isn’t the first time Panda Cloud AV has been used as a lure. At the end of last year more traditional rogueware disguised itself as Panda Cloud and performed an automatic scan. Needless to say, it found a range of false malware, but demanded that it be purchased before the malware could be removed. “If you don’t [buy] it,” explained Corrons at the time, “you’ll get a message every now and then telling you are still infected. And what is worse, every time you try to run any program in your computer it will tell you that it is infected, so your computer will be useless.”

This one, however, looks like it “has been created by Chinese cybercriminals,” Corrons told Infosecurity. “As it is a Trojan it does not spread by itself, however cybercriminals will use different means to do so. Given the name of the file and the icon used, it looks like they are trying to offer it as a free download, via download portals and spam messages.”

If you’ve already got Panda Cloud you’re safe – Panda Cloud AV detects and removes DarkAngle. If you haven’t, Corrons offers the following advice: “If any user is offered any product from an untrusted source, it is better to visit the web site of the developer and get it from there.” Good advice for any software.

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security

 
